Millions of Facebook users have data exposed online
Two huge databases containing the records of over 300
million Facebook users, including their user IDs, phone numbers and names, have
been leaked online.
The breach was detected by security researcher Bob
Diachenko, who found the first exposed database last December.
Based on the evidence he uncovered, he believes that the large
collection of Facebook user data was gathered by cybercriminals in Vietnam,
either through an illegal scraping operation or by abusing the social
network's API.
In situations such as this, Diachenko usually notifies
database owners first, but since this data likely belonged to a criminal
organization, he notified the internet service provider managing the IP address
of the exposed server instead. Unfortunately, the leaked data was also posted
on a hacker forum where others can download it and use it to launch phishing
and other cyberattacks online.
Now, a second server containing the same data along with an
additional 42m records has also been discovered, apparently operated by the
same group of cybercriminals. However, shortly after the second server was
found, it was attacked by an unknown party and the information it stored was
replaced with dummy data and database names which read “please_secure_your_servers”.
Exposed data
The first exposed database contained 267m records and most
of the affected users were from the US. Each record contained a unique Facebook
ID, a phone number, a full name and a timestamp.
The second exposed server contained the same 267m records
plus an additional 42m records and was hosted on a US Elasticsearch server. 25m
of the records it contained had information similar to that contained in the
first server, but 16.8m of the new records contained additional information
including users' profile details, email addresses and other personal details.
While it is still unclear at this time whether the data was
obtained through the Facebook API or through scraping, a process in which
automated bots copy data from websites, Comparitech (who partnered with
Diachenko on this discovery) does have some recommendations on how you can
avoid having your data scraped.
To minimize the chances of having your profile scraped by
strangers, the firm recommends that users go to their Facebook settings, click
on “Privacy” and set all relevant fields from “Friends” to “Only Me”.
Additionally, users should set the “Do you want search engines outside of
Facebook to link to your profile” option to “No” to reduce the chances of
having their profiles scraped by third parties.