Welcome to another episode of Facebook data breach. With 2019 coming to an end, Facebook has yet again disappointed its users by exposing their personal data online. As discovered by security researcher Bob Diachenko along with Comparitech, the phone numbers, names and Facebook user IDs of as many as 267 million people were left in the open for anybody to steal.
The database was available without any authentication, making it easily accessible to the general public. Security researchers say that the exposed data was available on the internet for two weeks before it was removed. Diachenko approached the ISP managing the IP address of the server hosting the data to get the data removed.
The report says, “The information contained in the database could be used to conduct large-scale SMS spam and phishing campaigns, among other threats to end users.”
Most of the users affected by this Facebook data breach are US users, as indicated by the trove of data.
Diachenko believes that the database is the result of an illegal data scraping operation on the Facebook API run by hackers in Vietnam. There are two possibilities as to how the data was stolen:
First, criminals managed to steal data from Facebook’s developer API before the social media company blocked access to users’ phone numbers in 2018.
Another possibility, according to security researchers, is that the data was scraped from publicly visible profile pages without using the Facebook API at all.
To reduce the risk of anyone stealing your profile information, you can tweak the following privacy settings in your Facebook profile:
- Click on the “Settings” button in the Facebook app or on the web version under “Settings & Privacy”.
- Scroll down to the Privacy section and click on “Privacy Settings”.
- Set all the relevant fields to “Friends” or “Only Me” to prevent your profile from being scraped by strangers.
- Scroll down to the end of the page and set the “Do you want search engines outside of Facebook to link to your profile?” option to No.
After being informed about the incident, Facebook said: “We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information.”