Security expert Bob Diachenko, along with Comparitech, has discovered more than 267 million Facebook user IDs, phone numbers and names in an unsecured database.
The huge trove of data is likely the result of an illegal scraping operation or Facebook API abuse by a group of hackers in Vietnam. The exposed data could be used by threat actors to conduct large-scale SMS spam and phishing campaigns.
“A database containing more than 267 million Facebook user IDs, phone numbers, and names was left exposed on the web for anyone to access without a password or any other authentication.” reads the post published by Comparitech. “Comparitech partnered with security researcher Bob Diachenko to uncover the Elasticsearch cluster.
In total the archive contained 267,140,436 records, most of the affected users were from the United States.
Diachenko also discovered that the server included a landing page with a login dashboard and a welcome note in Vietnamese language.
Diachenko discovered the unsecured database on December 14, but it was first indexed on December 4, unfortunately, the Facebook information was posted on a hacker forum since December 12.
On December 14, the expert sent an abuse report to the ISP managing the IP address of the server and on December 19 the database was shut down.
At the time it is not clear how hackers obtained the data, Diachenko believe that there are to possible scenarios.
In the first scenario, attackers could have exploited Facebook’s API used by developers to access data (i.e. Friends list, photos, and groups). This was possible only before Facebook implemented the restrictions to the access to user phone numbers in 2018, alternatively, the attackers might have exploited a security hole. Criminals could have also scraped information from public Facebook profiles using automated tools.
In September 2019, other databases containing 419 million records were exposed, the huge trove of data included phone numbers and Facebook IDs.
A Facebook spokesman confirmed that in a statement that the company is investigating into the case, but the information was likely harvested before 2018.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – privacy, Facebook)
[adrotate banner=”5″]
[adrotate banner=”13″]
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
This website uses cookies.