Are you still using Facebook? If yes, then this is something you definitely need to read. An unsecured database was found that contained more than 267 million Facebook users ID along with phone numbers and names. This data was accessible to anyone on the web even without a password or other kind of security. Recently, Facebook has been criticized and found to be sharing user’s data along with many others and many users have reportedly stopped using this social media platform.
A report on the Comparitech website who partnered along with security researcher Bob Diachenko has discovered the Elasticsearch cluster. This data is believed to be coming from an illegal scraping operation or even Facebook API abuse by criminals in Vietnam. This data was posted to a hacker forum as a download and Diachenko also notified the internet service provider managing the IP address of the server so that the access could be removed.
The data that was on the website could be used to conduct a big SMS spam and phishing campaigns. Recently we have also seen Facebook saving location data of the users even after they have denied access to do so. This data was exposed almost two weeks before the access was removed. According to Comparitech, on the 4th of December, the database was first indexed.
On the 12th of December, the data was posted as a download on a hacker forum. Diachenko discovered the database and immediately sent a report to the ISP on the 14th of December and on December 29th the database is removed. A total of 267,140,436 users data was found and the most effected users were from the US.
Facebook users can minimize their data getting scraped by third parties by ceding to the settings and selecting the Privacy and setting all relevant fields to only me or Friends and also setting the Do you want search engines outside of Facebook to link to your profile to No. Are you still using Facebook? Did you ever feel your data was stolen? Comment in the section below and stay tuned to PhoneRadar for more similar updates.