A Ukrainian security researcher discovered an online database containing the names, phone numbers and Facebook IDs of roughly 267 million Facebook users. The database was available for download on a hacker forum and was not even password protected, and the information it contained was mostly for users in the U.S.
The database, which Diachenko discovered using a search engine, was freely accessible online. Being a good Samaritan, he notified the internet provider hosting the database on December 14, and they took it down a few days later.
Apparently, according to Diachenko, the database was also posted as a download on a hacker forum.
The researcher provided a news outlet with a 10-record sample from the database, and the IDs (and two phone numbers that were answered) checked out against real Facebook users.
There is a high probability that the data was collected illegally.
Diachenko said he did not share the database with Facebook, which did not directly confirm the finding. In a statement, the social network said it was investigating the issue and that the finding “likely” involved information obtained before Facebook took unspecified data-protection measures in recent years.
There are various ways that the information can be used. The researchers warn the public that it might be used for phishing or spam campaigns, especially via SMS.
Not too long ago, back in September, the news site TechCrunch reported that Facebook IDs and phone numbers for more than 400 million users were similarly found exposed online by another researcher.
Back in March of 2019, after a security researcher exposed the lapse, Facebook even disclosed that it had left hundreds of millions of user passwords readable by its employees on internal servers for years.
Facebook users can maintain better control over what profile information is displayed by adjusting their account privacy settings. For example, users can:
- Go to Settings & Privacy in Facebook
- Click Privacy Shortcuts
- Click See more privacy settings
- Set all relevant fields to Friends or Only me
- Set “Do you want search engines outside of Facebook to link to your profile?” to No