267 Million Facebook Users’ Data Exposed Online Via Unsecured Database

Facebook is once again in the news owing to a security issue. However, this time, Facebook isn’t directly responsible for the matter. Instead, researchers found a separate unsecured database that exposed Facebook users’ data online. The database included over 267 million user records.

Facebook Users’ Data Exposed Online

Security researcher Bob Diachenko and Comparitech found an open database that exposed millions of Facebook users’ data online. The researchers estimate more than 267 million records were included in the leaky server.

As elaborated in a blog post by Comparitech, the researchers discovered an unsecured Elasticsearch cluster that included millions of users’ data.

Specifically, the exposed records total 267,140,436, and the information predominantly belonged to US users. The exposed details included users’ full names, unique Facebook IDs, phone numbers, and timestamps.

Database Now Offline

Presently, it isn’t clear how the hackers collected all the data. Diachenko believes that the data within the records was likely obtained by one or more hackers. One scenario could be that the criminals gathered this data through scraping, or they abused a Facebook API. They could then possibly use the data for SMS spamming and phishing campaigns.

Upon finding the open database, Diachenko swiftly reported the matter to the ISP managing the IP address of the server. After his report, the database went offline.

However, the researcher also found the same data available for sale on a hackers’ forum. So the data, or part of it, may be available elsewhere.

Diachenko recommends setting Facebook profile visibility to private, that is, not indexed by search engines, to avoid public scraping.

Furthermore, users should also avoid setting the visibility of various details on their profile to ‘public’. These security measures are particularly important considering the fact that such incidents have also happened in the past.
