What you need to know
- A massive data breach affecting 267 million Facebook users was publicized this week.
- The database was exposed on the internet and accessible without any authentication or password requirements.
- It contained users' IDs, phone numbers, and real names.
While Facebook's busy making its own OS, millions of the company's users' data has been leaked, thanks to one of the largest data breaches in the company's history.
Cybersecurity firm Comparitech and researcher Bob Diachenko say they've found a database containing the Facebook IDs, phone numbers, and names of 267 million users on the web. The database, they claim, was entirely exposed on the internet and did not require a password or any other form of authentication to access.
They posit that the origins of the database probably lie in Facebook API abuse by criminals in Vietnam or an illegal data scraping operation. While Diachenko immediately notified the ISP hosting the data, he warns that it was available for two weeks before it was removed. It was also available as a download on a hacker forum.
Facebook, which previously suffered from data breaches affecting 30 million and 419 million users in 2018 and 2019, respectively, responded to the incident as follows:
As Comparitech points out, this is likely in reference to change Facebook made to its API that previously allowed app developers access to users' phone numbers.
The data could eventually be used for mass phishing campaigns due to its inclusion of phone numbers, so users would be well advised to be suspicious of any text messages or emails asking for your password or other sensitive information. Comparitech also suggests changing all the fields in Facebook's privacy settings to "Only friends" or "Only me" and disabling the ability of search engines to link to your profile in order to prevent your data from being scraped by bots.
Holy Moly... Once again the breach seems to have been mostly confined to the US - extract from source link:
"In total 267,140,436 records were exposed. Most of the affected users were from the United States. Diachenko says all of them seem to be valid. Each contained: A unique Facebook ID
A phone number
A full name
Just in time for the 2020 election. FB should be sued out of existence. Seriously what a garbage Xmas present FB
how exactly is this a data breach?! Does the author even know -or care- what a data breach is?! The data came from the official API ffs
Yeah, like SMDH
How would you rename the article to get more people to open it as click-bait?
Who gives a flying F if it's a full on hack, a minor exploit, or an example of piss poor programing that just doesn't hide personal information? This is just yet another example that this company can't be trusted with its own user's data and yet the masses of sheep will continue to flock towards it.
A data breach is defined as either an intentional or unintentional release of private/secure information. This is a breach.
Don't understand how people fear FB.... And or get their data leaked... Who the hell in their right mind use their true info on FB... Mine are obsolete since 2006.....you can still pretty much do everything the same with no worries
Well, ****. Just great.
Get the best of Windows Central in in your inbox, every day!
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.