What just happened? It appears that Facebook’s decision to give app developers too much access to users’ personal information is backfiring again. A new report has revealed that user names and phone numbers of over 267 million US user accounts have been scraped by malicious actors and uploaded to a hacker forum.
According to a report from Comparitech, around 267 million Facebook user names and phone numbers were left exposed on a web server without even a password to prevent unauthorized access. This isn’t the first time this has happened. In September, a researcher found the personal information of over 400 million Facebook accounts from all over the world stored on an unsecured web server. Luckily, that dataset turned out to be old and there’s no evidence that it was used to compromise any accounts.
Comparitech along with security researcher Bob Diachenko uncovered the new treasure trove for data thieves, which was stored on an Elasticsearch cluster. Diachenko suspects it was obtained through an illegal scraping operation in Vietnam that abused a Facebook API.
The resulting dataset could be used in SMS spam and phishing campaigns, and it was online between December 4 and December 18. It appears that most of the user IDs, phone numbers, and names belong to US Facebook accounts, and were allegedly shared on a hacker forum.
A Facebook spokesperson said the company is investigating the report, and reiterated that this may be another old dataset from 2018 when developers were able to access too much information from publicly visible profile pages. The company restricted access after the Cambridge Analytica scandal.
One way to protect yourself is to make sure that only friends have access to your profile picture, your details, and what you post on your wall. Also, make sure the option “Do you want search engines outside of Facebook to link to your profile” is set to “no”, as this is one of the things that facilitated the scraping of the data found on the Elasticsearch cluster.
In related news, Facebook hard disks containing payroll information were stolen earlier this month during a car robbery. No Facebook user data was compromised, but it prompted the company to tighten its security policies.