20th December 2019 – The records of hundreds of millions of Facebook users were discovered in an online forum on the dark web. The unsecured database contained the user IDs, phone numbers and full names of 267 million users, most of whom reside in the US.
Although it is not yet clear how the sensitive information was exposed, experts suspect the database was compiled through an illegal process called ‘scraping’, in which automated bots copy public information from Facebook profiles.
Access to the database has since been removed; however, the records were available online for roughly two weeks before access was closed.
The leak was discovered by the cybersecurity firm Comparitech in partnership with security researcher Bob Diachenko.
Paul Bischoff of Comparitech wrote: ‘Comparitech partnered with security researcher Bob Diachenko to uncover the Elasticsearch cluster.’
‘Diachenko believes the trove of data is most likely the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam, according to the evidence.’
Shortly after spotting the data, Diachenko notified the internet service provider hosting the server so that access to the database could be removed.
Even so, the data had been exposed for close to two weeks before it was taken down.
According to a timeline put together by Comparitech, the database was first indexed on December 4 and wasn’t closed until December 19.
In total, 267,140,436 records were exposed, most belonging to users living in the US, and Diachenko said all of the data appeared to be valid.
The experts are not sure how the information landed in the hands of cyberthieves, but they have two hypotheses.
The first possibility is that the attackers harvested the data through Facebook’s developer API before Facebook restricted access to phone numbers in 2018.
Diachenko told Comparitech: ‘Facebook’s API could also have a security hole that would allow criminals to access user IDs and phone numbers even after access was restricted.’
The other possibility is that the criminals used an illegal process called ‘scraping’.
This involves bots automatically combing through large numbers of public web pages and copying the data they find as they go, in this case profile fields such as names and user IDs.
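Scraping on this scale leaves a footprint in the target site’s web server logs. The following is an added example, not code from the article, Comparitech or Facebook: it runs a simple scraper-detection heuristic over a few constructed access-log lines and flags any client that fetches many distinct profile pages within a short window or walks numeric user IDs in sequence. The log format, the `/profile.php?id=` URL shape, the IP addresses and the thresholds are assumptions chosen for illustration.

```python
"""Scraper-detection heuristic over constructed web server access logs.

Added example; not code from the original article, Comparitech or Facebook.
It flags clients that behave like the scraping bots described above: many
distinct profile-page requests from one client in a short window, often
walking numeric user IDs in order. The log format, URL shape, addresses
and thresholds below are assumptions chosen for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format with a trailing user-agent field (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumed shape of a profile URL; the numeric id is what a scraper enumerates.
PROFILE_RE = re.compile(r'^/profile\.php\?id=(?P<uid>\d+)$')
TS_FMT = '%d/%b/%Y:%H:%M:%S %z'

# Constructed sample log: one automated client walking ids 1000001..1000008
# one second apart, and one human browsing a couple of pages over minutes.
SAMPLE_LOG = [
    f'203.0.113.7 - - [04/Dec/2019:10:00:0{i} +0000] "GET /profile.php?id={1000001 + i} HTTP/1.1" '
    f'200 5120 "-" "python-requests/2.22.0"'
    for i in range(8)
] + [
    '198.51.100.20 - - [04/Dec/2019:10:00:03 +0000] "GET /profile.php?id=1000002 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [04/Dec/2019:10:03:40 +0000] "GET /profile.php?id=2045519 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [04/Dec/2019:10:09:12 +0000] "GET /home.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['time'] = datetime.strptime(rec['ts'], TS_FMT)
    pm = PROFILE_RE.match(rec['path'])
    rec['uid'] = int(pm.group('uid')) if pm else None  # None for non-profile pages
    return rec


def flag_scrapers(lines, window=timedelta(seconds=60), max_profiles=5, min_sequential=4):
    """Return {ip: [reasons]} for clients whose profile access looks automated."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        # Only successful profile-page fetches count toward the heuristics.
        if rec and rec['uid'] is not None and rec['status'] == '200':
            per_ip[rec['ip']].append((rec['time'], rec['uid']))

    flagged = {}
    for ip, hits in per_ip.items():
        hits.sort()
        reasons = []

        # Heuristic 1: more than max_profiles distinct profiles inside one window.
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {uid for _, uid in hits[start:end + 1]}
            if len(distinct) > max_profiles:
                reasons.append(f'{len(distinct)} distinct profiles within {int(window.total_seconds())}s')
                break

        # Heuristic 2: a run of consecutive user IDs, i.e. ID enumeration.
        run = 1
        for (_, a), (_, b) in zip(hits, hits[1:]):
            run = run + 1 if b == a + 1 else 1
            if run >= min_sequential:
                reasons.append(f'sequential user IDs starting near {b - run + 1}')
                break

        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == '__main__':
    for ip, reasons in flag_scrapers(SAMPLE_LOG).items():
        print(ip, '->', '; '.join(reasons))
```

Run against the constructed sample, only 203.0.113.7 is flagged, on both counts; the human client fetches two unrelated profiles minutes apart and is left alone. In production the thresholds would be tuned per site and the rule would be one signal among several (user-agent, session cookies, request timing), since a patient scraper can stay under any fixed rate limit.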
‘A database this big is likely to be used for phishing and spam, particularly via SMS. Facebook users should be on the lookout for suspicious text messages,’ Bischoff wrote.
‘Even if the sender knows your name or some basic information about you, be sceptical of any unsolicited messages.’