It has appeared that Social Media Giant, Facebook’s decision to give application developers too much access to its users’ personal information is backfiring again. A new report has revealed that user names and phone numbers of over 267 million US user accounts have been scraped by malicious actors and uploaded to a hacker forum.
According to a report from Comparitech, around 267 million Facebook user names and phone numbers were left exposed on a web server without even a password to prevent unauthorized access. This is obviously not the first time this has happened. In September, a researcher found the personal information of over 400 million Facebook accounts from all over the world stored on an unsecured web server. Luckily, that data-set turned out to be old and there was no evidence that it was used to compromise any accounts.
Comparitech along with security researcher Bob Diachenko uncovered the new treasure trove for data thieves, which was stored on an Elasticsearch cluster. Bob Diachenko suspects it was obtained through an illegal scraping operation in Vietnam that abused a Facebook API.
The resulting data-set could be used in SMS spam and phishing campaigns, and it was online between December 4 and December 18. It appears that most of the user IDs, phone numbers, and names belong to US Facebook accounts, and were shared on a hacker forum.
A Facebook spokesperson said the company is investigating the report, and reiterated that this may be another old dataset from 2018 when developers were able to access too much information from publicly visible profile pages. The company restricted access after the Cambridge Analytica scandal.
One way to protect yourself is to make sure that only friends have access to your profile picture, your details, and what you post on your wall. Also, make sure the option “Do you want search engines outside of Facebook to link to your profile” is set to “no” as this is one of the things that facilitated the Elasticsearch scraping.
In related news, Facebook hard disks containing payroll information were stolen earlier this month during a car robbery. No Facebook user data was compromised, but it prompted the company to tighten its security policies.
Don’t forget to stay updated with us @ FaqonTech for more updates….
Faqontech and its contents are protected by COPYRIGHT LAW (DMCA) with high-priority response rate. Reproduction without permission or due credit link back will cause your article(s) to be removed from search engines and disappearance of Ads on that page if monetized with Adsense.
NOTE that Your Adverts can be placed here on Faqontech either Banner, Link or Text ADS We got you covered, We have different advert space waiting for you. Want to know more about our advert placement click HERE