More than 267 million records pertaining to Facebook users have been exposed on an unsecured database that can be easily accessed by anyone with an internet connection. The report comes from tech company, Comparitech, who partnered with researcher Bob Diachenko
What was leaked?
In total 267,140,436 records were exposed, with the majority of affected users located in the US. Diachenko says all of them seem to be valid. Each containing;
- A unique Facebook ID
- A phone number
- A full name
- A timestamp
How was it stolen?
The source of the data is likely a result of illegal scraping or Facebook API abuse and first became available on December 4th, according to Diachenko’s timeline.
The stolen data likely belongs to a criminal organisation in Vietnam, according to the research. As a result, Diachenko bypassed the usual route of alerting victims and went straight to the ISP. The database was no longer available to view as of 19 December.
The leaked information may make victims easier to target with “large-scale SMS spam and phishing campaigns,” Comparitech said.
The aftermath
Facebook has responded in a public statement, saying: “We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information”.
The security breach follows a massive leak in September in which more than 400 million user phone numbers were exposed. This was following on from the Cambridge Analytica scandal in which It was revealed that Cambridge Analytica had harvested the personal data of millions of peoples’ Facebook profiles without their consent and used it for political advertising purposes.