Facebook left its database unsecured for two weeks. Therefore, this resulted in 267,140,436 records exposed and shared on the dark web. The database included IDs, phone numbers and full names of mostly US users. Additionally, the information was available for anyone to access without a password or any other authentication. People identified in the data could be potentially targeted with spam messages or phishing scams. So Facebook users should be wary or suspicious text messages.
Bob Dianchenko, who is a security researcher, believes that the database belongs to a cyber-criminal organization and not Facebook. Diachenko said that it’s possible the data was stolen from Facebook’s developer API – used by app developers to access user profiles and connected data.
As a result of this, Facebook users should check and adjust their privacy settings. So, a private setting would decrease chances of a third party scraping profiles. ‘Scraping’ is a term to describe the process in which automated bots quickly sift through large numbers of web pages, copying data from each one into a database.
Here’s the timeline of discovery:
- December 4 – The database was first indexed
- Dec 12 – The data was posted on a hacker forum as a download
- Dec 14 – Diachenko discovered the database and immediately sent an abuse report to the ISP managing the IP address of the server
- December 19 – The database is unavailable
However, this isn’t the first time that an incident like this has occurred. Another database leak had happened a couple months ago. As of now, Facebook has made no statement regarding the matter. From this, i’s clear that the company needs to have better security measures.
Keep up with the latest news and releases through EDM Tunes!