Back in April, Facebook founder and CEO Mark Zuckerberg announced that the future of the social media site would be a more private experience for users. But after yet another recently discovered data breach exposed the personal contact information of more than 267 million users, the company’s claims of enhanced privacy may be wearing thin on its 2.45 billion active users.
Tech research firm Comparitech paired with cybersecurity expert Bob Diachenko and uncovered the Facebook database leak earlier this month. It consisted of 267 million-plus user IDs, their names, and phone numbers. The data could be accessed without a password or any other form of authentication.
Most of the stolen data belong to U.S. Facebook accounts and all of them seem to be valid, Mr. Diachenko said.
Comparitech says Mr. Diachenko believes the data was likely the result of an illegal scraping operation or Facebook API abuse by cybercriminals in Vietnam.
The illicit database sat completely exposed for nearly two weeks, Mr. Diachenko said. During that time, the database was posted as a download in a hacker forum. Mr. Diachenko discovered the problem on Dec. 14 and immediately reported the abuse to the ISP managing the address of the server. As of Dec. 19, the database was no longer accessible.
According to Comparitech, a database as large as this one “is likely to be used for phishing and spam, particularly via SMS,” or text messages.
“Facebook users should be on the lookout for suspicious text messages,” Comparitech advises. “Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”
Facebook users can reduce the chances of their information being scraped by third parties by accessing their Facebook Settings, clicking on Privacy, and setting relevant fields to "Friends" or "Only Me." Additionally, set "Do you want search engines outside of Facebook to link to your profile" to "No."
By now most U.S. Facebook users are probably familiar with the social media giant’s history of mishandling its users’ data. The Cambridge Analytica scandal erupted in early 2018 after it was discovered that political hacks acquired the data of more than 50 million users. The controversy drew global attention to the company’s lax security controls, but the problem didn’t end there.
In September, a security researcher found databases containing more than 419 million records tied to Facebook accounts that had been scraped from the platform. Those records included phone numbers, Facebook IDs, and other sensitive information, according to Engadget. A year before that, a vulnerability in Facebook’s access tokens allowed hackers to obtain the private info of about 29 million users.
In April, it was discovered that third-party errors left 540 million Facebook records containing account names, comments, user IDs, likes, and other details exposed. In January, the company said it found that 600 million user passwords were stored in plain text on its servers, viewable to more than 20,000 employees.