267 million Facebook users' IDs, names and phone numbers exposed online in unsecured database

267 million – mostly American – Facebook users' IDs, names and phone numbers have been exposed online in an unsecured database

  • Cybersecurity firm found an unsecure database of Facebook user data online
  • Approximately 267,140,436 records were exposed and shared on the dark web
  • The database included IDs, phone numbers and full names of users
  • The database has since been shut down, but was live on the web for two weeks 

The records of hundreds of millions of Facebook users were discovered in an online forum on the dark web.

The unsecure database contained the IDs, phone numbers and full names of 267 million users, most of whom reside in the US.

Although it is not yet clear how the sensitive information was exposed, experts speculate the database was compiled through an illegal process called ‘scraping’, in which automated bots copy public information from Facebook profiles.

The leak was discovered by the cybersecurity firm Comparitech in partnership with security researcher Bob Diachenko.

Paul Bischoff with Comparitech shared: ‘Comparitech partnered with security researcher Bob Diachenko to uncover the Elasticsearch cluster.’

‘Diachenko believes the trove of data is most likely the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam, according to the evidence.’

Shortly after the information was spotted, Diachenko reached out to the proper authorities to have access to the database removed.

However, it appears the data was exposed for close to two weeks before being taken down.

According to a timeline put together by Comparitech, the database was first indexed on December 4 and wasn’t closed until December 19.

Approximately 267,140,436 records were exposed, most of which were of users living in the US, and Diachenko said all of the data appeared to be valid.

The experts are not sure how the information landed in the hands of cyberthieves, but they do have their hunches.

The first possibility is that the hackers stole the data from Facebook’s developer API prior to Facebook restricting access to phone numbers last year.

Diachenko told Comparitech: ‘Facebook’s API could also have a security hole that would allow criminals to access user IDs and phone numbers even after access was restricted.’

The other possibility is that the criminals used an illegal process called ‘scraping’.

This involves bots combing through numerous web pages and copying data as they go along.

‘A database this big is likely to be used for phishing and spam, particularly via SMS. Facebook users should be on the lookout for suspicious text messages,’ Bischoff wrote.

‘Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.’

WHAT IS THE CAMBRIDGE ANALYTICA SCANDAL?

Communications firm Cambridge Analytica has offices in London, New York, Washington, as well as Brazil and Malaysia.

The company boasts it can ‘find your voters and move them to action’ through data-driven campaigns and a team that includes data scientists and behavioural psychologists.

‘Within the United States alone, we have played a pivotal role in winning presidential races as well as congressional and state elections,’ with data on more than 230 million American voters, Cambridge Analytica claims on its website.

The company profited from a feature that meant apps could ask for permission to access your own data as well as the data of all your Facebook friends.

This meant the company was able to mine the information of 87 million Facebook users even though just 270,000 people gave them permission to do so.

This was designed to help them create software that can predict and influence voters’ choices at the ballot box.

The data firm suspended its chief executive, Alexander Nix, after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump.

This information is said to have been used to help the Brexit campaign in the UK.

 

Read more at DailyMail.co.uk