The data of more than 267 million users of Facebook, the world’s largest social network, has been exposed online.
Security expert Bob Diachenko, along with Comparitech, discovered a database containing more than 267 million Facebook user records.
The database was first indexed on December 4. Diachenko discovered the database on December 14 and immediately sent an abuse report to the ISP managing the IP address of the server. The database is now unavailable on the IP address where it was found. It was posted on a hacker forum on December 12.
What information did the database contain?
- A unique Facebook ID
- A phone number
- A full name
- A timestamp
The server also included a landing page with a login dashboard and a welcome note in the Vietnamese language.
According to the researchers, the affected Facebook users were mostly from the U.S.
How did the hackers get the information?
It is still unclear how the hackers got the information. “One possibility is that the data was stolen from Facebook’s developer API before the company restricted access to phone numbers in 2018. Facebook’s API is used by app developers to add social context to their applications by accessing users’ profiles, friend list, groups, photos and event data. Phone numbers were available to third-party developers prior to 2018,” reads the post published by Comparitech.
Diachenko says Facebook’s API could also have a security hole that would allow criminals to access user IDs and phone numbers even after access was restricted.
Another possibility is that the data was scraped from publicly visible profile pages.
An exposure of this size puts users at risk of spam and phishing scams.