Researcher: Data on 267 million Facebook users exposed | Inquirer Technology

Researcher: Data on 267 million Facebook users exposed

/ 07:03 AM December 21, 2019

AP

A Ukrainian security researcher reported finding a database with the names, phone numbers and unique user IDs of more than 267 million Facebook users — nearly all U.S.-based — on the open internet. That data was likely harvested by criminals, said researcher Bob Diachenko, an independent security consultant in Kyiv.

The database, which Diachenko discovered with a search engine, was freely accessible online for at least 10 days beginning Dec. 4, he said. He notified the internet provider where it was hosted when he found it on Dec. 14; five days later it was no longer available.

Article continues after this advertisement

Diachenko said someone downloaded the database to a hacker forum two days before he discovered it so it may have been shared among online thieves.

FEATURED STORIES

He first reported the finding Thursday in partnership with the U.K. tech news website Comparitech, which editor Paul Bischoff said has been helping write up Diachenko’s discoveries of unsecured databases for about a year.

The researcher provided the AP with a 10-record sample from the database and the IDs — and two phone numbers that were answered — checked out against real Facebook users.

Article continues after this advertisement

The evidence suggests the data was collected illegally, most likely by criminals in Vietnam who may have “scraped” it from public Facebook pages or by somehow obtaining privileged access to the service. Scraping is automated data-harvesting done by bots. A small fraction of the database include details on Vietnam-based users.

Article continues after this advertisement

Diachenko said he did not share the database with Facebook, which did not directly confirm the finding. In a statement, the social network said it was investigating the issue and that the finding “likely” involved information obtained before Facebook took unspecified data-protection measures in recent years.

Article continues after this advertisement

In 2018, the social media giant disabled a feature that allowed users to search for one another via phone number following revelations that the political firm Cambridge Analytica had accessed information on up to 87 million Facebook users without their knowledge or consent.

Diachenko said he had not determined when the data was collected. He said all the records had time stamps from January to June 2019 but that it was unclear who generated them.

Article continues after this advertisement

Security experts say the affected Facebook users are at higher risk of being targeted by spam, password-stealing phishing attacks and identity theft attempts. The information can be cross-referenced with physical and email addresses and other data obtained in other data breaches. Facebook user IDs are unique numbers associated with individual accounts.

In September, the news site TechCrunch reported that Facebook IDs and phone numbers for more than 400 million users were similarly found exposed online by a researcher.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

In March, Facebook disclosed that it had left hundreds of millions of user passwords readable by its employees on internal severs for years after a security researcher exposed the lapse.

TOPICS: Data Leak, data privacy, Facebook, hacking, online security
TAGS: Data Leak, data privacy, Facebook, hacking, online security

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.