Data of more than 267 million Facebook users has been exposed online

267 million – mostly American – Facebook users IDs, names and phone numbers are exposed online and shared on the dark web

  • Cybersecurity firm found an unsecure database of Facebook user data online
  • Approximately 267,140,436 records were exposed and shared on the dark web
  • The database included IDs, phone numbers and full names of mainly US users
  • The database has since been shut down, but was live on the web for two weeks 

Personal information belonging to hundreds of millions of Facebook users has been exposed online, it has emerged. 

The IDs, phone numbers and full names of 267 million users, most of which reside in the US, were discovered on an unsecured database on the dark web.

Although it is not yet clear how the sensitive information was exposed, experts  speculate the database was compiled through an illegal process called ‘scraping’ – where automated bots copy public information from Facebook profiles.

Access to the database has since been removed, however, the records were available to anyone online for two weeks before the leak was discovered. 

The security breach follows a massive leak in September in which more than 400 million accounts were exposed and then there was a major scandal in 2018.

It was revealed that Cambridge Analytica had harvested the personal data of millions of peoples’ Facebook profiles without their consent and used it for political advertising purposes. 

Scroll down for video 

The records of hundreds of millions Facebook users was discovered in a online forum on the dark web. The unsecure database contained the IDs, phone numbers and full names of 267 million users, most of which reside in the US

DailyMail.com has reached out to Facebook for comment and has yet to receive a response.

The leak was uncovered by the cybersecurity firm Comparitech in partnership with security researcher Bob Diachenko. 

Paul Bischoff with Comparitech said: ‘Comparitech partnered with security researcher Bob Diachenko to uncover the Elasticsearch cluster.

‘Diachenko believes the trove of data is most likely the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam, according to the evidence.’

Shortly after the information was spotted, Diachenko reached out to the proper authorities to have access to the database removed.

However, it appears the data was exposed for at least two weeks before being taken down.

Although it is not yet clear how the sensitive information was exposed, experts speculate the database was compiled through an illegal process called ‘scraping’ – automated bots copied public information from Facebook profiles

According to a timeline put together by Comparitech, the database was first indexed on December 4 and wasn’t closed until December 19.

Approximately 267,140,436 records were exposed, most of which were of users living in the US – and Diachenko said all of the data appeared to be valid.

The experts are not sure how the information landed in the hands of cyberthieves, but they do have their suspicions.

The first possibility is that the hackers stole the data from Facebook’s developer API prior to Facebook restricting access to phone numbers last year.

Diachenko told Comparitech: ‘Facebook’s API could also have a security hole that would allow criminals to access user IDs and phone numbers even after access was restricted.’

Another possibility is that the cyber criminals used an illegal process called ‘scraping’.

This involves bots combing through numerous web pages and copying data as they go along.

‘A database this big is likely to be used for phishing and spam, particularly via SMS. Facebook users should be on the lookout for suspicious text messages,’ Bischoff wrote.

‘Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.’

WHAT IS THE CAMBRIDGE ANALYTICA SCANDAL?

Communications firm Cambridge Analytica has offices in London, New York, Washington, as well as Brazil and Malaysia.

The company boasts it can ‘find your voters and move them to action’ through data-driven campaigns and a team that includes data scientists and behavioural psychologists.

‘Within the United States alone, we have played a pivotal role in winning presidential races as well as congressional and state elections,’ with data on more than 230 million American voters, Cambridge Analytica claims on its website.

The company profited from a feature that meant apps could ask for permission to access your own data as well as the data of all your Facebook friends.

The data firm suspended its chief executive, Alexander Nix (pictured), after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump

This meant the company was able to mine the information of 87 million Facebook users even though just 270,000 people gave them permission to do so.

This was designed to help them create software that can predict and influence voters’ choices at the ballot box.

The data firm suspended its chief executive, Alexander Nix, after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump.

This information is said to have been used to help the Brexit campaign in the UK.

 

Source: Read Full Article