More than 265 million Facebook users have released their names, phone numbers and profiles thanks to a public database.
According to data security researchers Bob Diachenko and Comparitech, the online database has revealed more than 268 million names, Facebook IDs, and phone numbers.
The database could be used online without a password, so sensitive personal data would be exposed to anyone who accessed it.
Diachenko was able to trace the database back to Vietnam but was unable to accurately identify how the data was accessed or what it was used for. According to Diachenko, the majority of those affected are from the United States.
Diachenko and Comparitech speculated that the data could be used for spam messaging and phishing campaigns, and contacted the Internet service provider hosting the database.
The database is no longer available, but it is said that the data was posted in the online forum before the source was removed.
Cybersecurity researchers have reported that more than 268 million Facebook users have personal data exposed to online databases that have collected their names, Facebook IDs, and phone numbers. According to Comparitech and data security researcher Bob Diachenko, this database was available online without a password to anyone who had access to it for about two weeks.
Prime Minister Diachenko said that 267,140,436 were exposed and most of the victims were from the United States. Anyone identified in the database can use their name and phone number to be the target of spam messages or other scam attempts.
A Facebook spokesman made the following statement after the database went offline. “We’re investigating this issue, but it’s likely that this information was obtained before making changes in the last few years to better protect people’s information.”
Facebook removed phone number information from the API following the April 2018 Cambridge Analytica scandal. This means that the numbers contained in the database are over 18 months old.
The database first appeared online on December 4th. On December 12, the data was publicly shared on the hacker forum. Believing that the database is part of a criminal enterprise, Diachenko said that on December 14, he reported the database to an Internet service provider. I copied it somewhere else.
Comparitech recommends that Facebook users change their privacy settings so that only friends can see their posts and omit their profile from search engine results so that they don’t get information from their profile.
Diachenko tracked the database to Vietnam but was unable to specify exactly how the information was obtained. Comparitech said the database may have stolen information from the Facebook developer API, which shares sensitive information with app creators. Alternatively, database authors can use automated bots to fetch information from publicly visible Facebook pages.
Facebook checked the approach to user data in the wake of the Cambridge Analytica scandal. In 2015, Cambridge Analytica created a basic personality quiz for Facebook and used access to the Facebook developer API to obtain personal data from 850 million Facebook users. We then used this information to create voter profiles for Donald Trump’s presidential campaign and Brexit vacation campaign.
According to a survey of the Federal Trade Commission, Facebook mishandled user data, fined $ 5 billion, and the settlement agreement imposed new regulations on social media platforms earlier this year.