An online database containing more than 267 million Facebook user IDs, names, and phone numbers has been made public. It was accessible to anyone for two weeks, and it was also posted on a hacker forum.
Following the Cambridge Analytica scandal, Facebook has been hit by a major data breach.
According to a report in the British "Daily Mail" on December 19 local time, an online database containing more than 267 million Facebook user IDs, names, phone numbers and other information was made public. It was accessible to anyone for two weeks and was posted on a hacker forum. A Facebook spokesperson said that the database has been destroyed.
Bob Diachenko, a researcher at cybersecurity company Comparitech, first discovered the database on the dark web. The database contains 267,140,436 records. Each record includes personal information such as a Facebook user ID, name and phone number, and most of the affected users are from the United States. A Facebook ID is a unique public number associated with a specific account, which can be used to identify the account's user name and other profile information.
Diachenko said that the database first appeared on the Internet on December 4, was publicly shared on the hacker forum on the 12th, and was no longer accessible from the 19th. After discovering the database, Diachenko immediately sent an abuse report to the Internet service provider that manages the IP address.
Although it is unclear how the information was made public, Diachenko eventually traced the database back to Vietnam. Diachenko said that Facebook's API (application programming interface) may also have a security hole that allows criminals to access users' IDs and phone numbers even after access is restricted.
He also speculated that the data might have been stolen without using the Facebook API. Because many people set their Facebook profile data to public (publicly visible), malicious actors can use automated bots to "scrape" a large number of web pages quickly, copying the data from each page into a database.
A Facebook spokesperson confirmed to the "Daily Mail" that the database has been destroyed. "We are investigating this issue. We believe that this information was most likely collected before our adjustment." Facebook began to restrict access to phone numbers, and these data may have been collected by tools that Facebook has disabled.
A similar incident reportedly occurred in September this year, when a database of 419 million phone numbers associated with Facebook accounts was also exposed. A Facebook spokesperson said at the time that the actual amount of leaked user data was about 210 million records, because the 419 million records contained many duplicates. According to foreign media reports, before April 2018 Facebook allowed users to search for other users by phone number. This seems to be a benign tool, but in fact it also makes personal data easy for crawlers to harvest.
In addition, Comparitech said that such a huge database is likely to be used for phishing or spam, and Facebook users should watch out for suspicious text messages. The company therefore also reminds Facebook users to be skeptical of any unverified information, even if the sender knows their name or some of their basic information.