Social media - Facebook users data
A leak exposed the data of 267 million Facebook users. According to Comparitech’s representatives, this was the result of a scraping operation carried out by cybercriminals. “One possibility is that the data was stolen from Facebook’s developer API before the company restricted access to phone numbers in 2018. Facebook’s API is used by app developers to add social context to their applications by accessing users’ profiles, friends list, groups, photos, and event data. Phone numbers were available to third-party developers prior to 2018,” explained Comparitech’s Paul Bischoff.
According to consultant Bob Diachenko, Facebook’s API could also have a security hole. Thus, criminals could access user IDs and phone numbers. This might have happened even after the company restricted the access. Another scenario is that hackers stole without using the Facebook API at all. Instead, hackers might have collected the data of Facebook users from publicly visible profile pages.
Researchers warn that such a large database of sensitive information could be very useful for bad guys in major spam, phishing and smishing campaigns. Smishing is the name of the phishing attacks that try to trick users into giving their private information via SMS or text messages.
While Facebook tries to make users trust more the social media network, these kind of events seem to have the opposite effect.
According to the researchers, data appeared online on the 12th of December, after it was first indexed eight days before. Diachenko discovered it on December 14. He notified the internet service provider managing the IP address. After five days, it became unavailable. It seems that the original leak of appeared because of a misconfigured Elasticsearch cluster. Elasticsearch is a distributed, open source search and analytics engine for all types of data.
Lately, unsecured databases create lots of problems for the users. In November, personal data of over one billion users harvested by data enrichment companies was found exposed. Then, in December, the same amount of email and password combinations were found the same way by Diachenko. It seems that hackers stole these or bought them.
If you are looking for some PDFDrive alternatives, this article lists the top PDF Drive…
If you wish to execute the Epson L120 driver download and update for Windows 11/10,…
In this guide, we will have a look at some of the best game booster…
If you own the Epson L3110 printer and wish to improve its performance, use the…
If you are also facing issues with the Chrome.//net-internals/#DNS on your Google Chrome browser, use…
If you wish to download and update the Logitech Blue Yeti drivers on Windows 10/11…