Categories: Ad Guardian PlusNews

267 million Facebook users had their data exposed

A leak exposed the data of 267 million Facebook users. According to Comparitech’s representatives, this was the result of a scraping operation carried out by cybercriminals. “One possibility is that the data was stolen from Facebook’s developer API before the company restricted access to phone numbers in 2018. Facebook’s API is used by app developers to add social context to their applications by accessing users’ profiles, friends list, groups, photos, and event data. Phone numbers were available to third-party developers prior to 2018,” explained Comparitech’s Paul Bischoff.

According to consultant Bob Diachenko, Facebook’s API could also have a security hole. Thus, criminals could access user IDs and phone numbers. This might have happened even after the company restricted the access. Another scenario is that hackers stole without using the Facebook API at all. Instead, hackers might have collected the data of Facebook users from publicly visible profile pages.

Researchers warn that such a large database of sensitive information could be very useful for bad guys in major spam, phishing and smishing campaigns. Smishing is the name of the phishing attacks that try to trick users into giving their private information via SMS or text messages.

While Facebook tries to make users trust more the social media network, these kind of events seem to have the opposite effect. 

More and more unsecured databases

According to the researchers, data appeared online on the 12th of December, after it was first indexed eight days before. Diachenko discovered it on December 14. He notified the internet service provider managing the IP address. After five days, it became unavailable. It seems that the original leak of appeared because of a misconfigured Elasticsearch cluster. Elasticsearch is a distributed, open source search and analytics engine for all types of data.

Lately, unsecured databases create lots of problems for the users. In November, personal data of over one billion users harvested by data enrichment companies was found exposed. Then, in December, the same amount of email and password combinations were found the same way by Diachenko. It seems that hackers stole these or bought them.

Laurentiu Titei

Recent Posts

Best Discord Alternatives and Similar Software to Use

If you are searching for the best Discord alternatives, you can follow this guide to…

22 hours ago

Best Y2mate Online Alternatives for Downloading YouTube Videos

The demand for video-downloading applications and websites has increased significantly over the years. And these…

1 day ago

Packard Bell Drivers Download & Updates in Windows 11/10

Have you newly purchased a Packard Bell laptop? Then, it is inevitable that you download…

2 days ago

How to Fix 0x80070035 Network Path Not Found Windows 11

Error 0x80070035, “Network path was not found,” is a common issue that occurs when attempting…

3 days ago

How to Move Valorant to Another Drive

Are you experiencing lower PC performance, slow Valorant loading, and sluggish response? Do you want…

3 days ago

Best Reliable IP and Network Scanner Tools to Use in 2025

Do you wish to gain visibility and control over your network? Then, you need the…

4 days ago