Facebook Security Breach Results in Sensitive Data Leak of 267 Million Users on the Dark Web
A massive data breach at Facebook has resulted in the personal data of 267 Facebook users being leaked to the dark web, according to the findings of cybersecurity firm Comparitech and researcher Bob Diachenko.
An unsecured database was found on the dark web containing the Facebook IDs, phone numbers, and names of 267,140,436 different users of the monopoly platform. The researchers warn that this information could be used by individuals with malicious intent, most likely through targeted phishing schemed and spam messages.
“A database this big is likely to be used for phishing and spam, particularly via SMS. Facebook users should be on the lookout for suspicious text messages,” Paul Bischoff of Comparitech wrote in his report about his firm’s research findings.
“Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages,” he added.
Diachenko traced the database back to Vietnam and believes it may have been accessed through an illicit process known as “scraping,” which is when bots duplicate public information from Facebook profiles. They may have stolen the information directly from Facebook’s developer API as well.
“Facebook’s API could also have a security hole that would allow criminals to access user IDs and phone numbers even after access was restricted,” Diachenko said to Comparitech.
The records appeared to be accessible to anyone for two weeks before the breach was finally discovered. A downloadable link to receive the data was also made available on a popular hackers’ forum. This is hardly the only time that Facebook has been caught in scandals that have put sensitive user information into jeopardy.
A huge leak in September resulted in over 400 million user phone numbers being released to the public, and the Cambridge Analytica scandal in 2018 received widespread publicity due to the firm’s connection with the Trump administration.
Cambridge Analytica had used the personal data of millions of Facebook users without their notification, and harvested it for a political advertising campaign that proved to be very effective. While the Obama campaign was applauded for conducting a similar operation in 2012, the fake news media and deep state seized upon Cambridge Analytica as villainous because they worked for the wrong candidate. Nevertheless, the scandal exposed how data is exploited in creepy and invasive ways because of the tech giant.
Facebook claims they have already made changes that will prevent catastrophes like this from happening in the future.
“We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information,” a spokesperson for Facebook told the Daily Mail.
Comparitech is advising Facebook users to limit the amount of information they make visible to the public while using the platform to avoid being put at risk due to Facebook’s inability or unwillingness to protect their customers’ data.