Facebook users may have been caught up in yet another huge data breach, according to a report from privacy experts.
User IDs, phone numbers and names of 267 million Facebook users have been uncovered in a database that was being made available on a hacker forum as a downloadable file.
The database was found by Comparitech, who partnered with security researcher Bob Diachenko. They first indexed the database on December 4 but it is now no longer available. They say the database wasn’t password protected and, in the words of Comparitech, ‘could be used to conduct large-scale SMS spam and phishing campaigns, among other threats to end users.’
‘We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information,’ a company spokesperson said.
Diachenko believes the database was compiled either by illegal scraping of data from within Facebook or abuse of the company’s API by Vietnam-based hackers. If so, it likely happened before 2018, when the company restricted developers’ API access to phone numbers.
While scraping is against Facebook’s policies, it is fairly easy to do – especially if users have their profiles set to public.
‘The 267 million Facebook users who had their names and personal phone numbers exposed to potential hackers are at high risk for a variety of targeted spam messages, phishing attacks or other scam attempts,’ commented Stuart Reed, VP of Cyber at Nominet.
‘With this information, hackers are given a direct line of access to these users – and that can enable criminals to more effectively target these users and gain further private information that can be utilized by bad actors. Given the length of time that this information was publicly available, the likelihood of these attacks is especially high.’
This isn’t the first time this has happened. Earlier this year, cybersecurity firm UpGuard said it found more than 540 million Facebook records had been stored publicly on Amazon cloud servers by two different third-party apps.
Facebook said it had taken down the databases once it was made aware of them.
‘Facebook’s policies prohibit storing Facebook information in a public database,’ a company spokeswoman said in a statement at the time.
‘Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.’
How to protect your privacy on Facebook
Most users want to edit Privacy to stop certain people seeing certain things they have posted, or will post.
You can also stop certain people contacting you, make Facebook ask you to approve a tag and a whole lot of other things to stop your identity being bandied around the place like a bag of Werther’s Originals.
How do you do these things? Follow these steps: