Categories: Ad Guardian PlusNews

267 million Facebook users had their data exposed

A leak exposed the data of 267 million Facebook users. According to Comparitech’s representatives, this was the result of a scraping operation carried out by cybercriminals. “One possibility is that the data was stolen from Facebook’s developer API before the company restricted access to phone numbers in 2018. Facebook’s API is used by app developers to add social context to their applications by accessing users’ profiles, friends list, groups, photos, and event data. Phone numbers were available to third-party developers prior to 2018,” explained Comparitech’s Paul Bischoff.

According to consultant Bob Diachenko, Facebook’s API could also have a security hole. Thus, criminals could access user IDs and phone numbers. This might have happened even after the company restricted the access. Another scenario is that hackers stole without using the Facebook API at all. Instead, hackers might have collected the data of Facebook users from publicly visible profile pages.

Researchers warn that such a large database of sensitive information could be very useful for bad guys in major spam, phishing and smishing campaigns. Smishing is the name of the phishing attacks that try to trick users into giving their private information via SMS or text messages.

While Facebook tries to make users trust more the social media network, these kind of events seem to have the opposite effect. 

More and more unsecured databases

According to the researchers, data appeared online on the 12th of December, after it was first indexed eight days before. Diachenko discovered it on December 14. He notified the internet service provider managing the IP address. After five days, it became unavailable. It seems that the original leak of appeared because of a misconfigured Elasticsearch cluster. Elasticsearch is a distributed, open source search and analytics engine for all types of data.

Lately, unsecured databases create lots of problems for the users. In November, personal data of over one billion users harvested by data enrichment companies was found exposed. Then, in December, the same amount of email and password combinations were found the same way by Diachenko. It seems that hackers stole these or bought them.

Laurentiu Titei

Recent Posts

Best DNS Servers for Gaming

If you are playing online games, any lag, no matter how small, can be frustrating,…

10 hours ago

Best Free PC Cleaner and Optimizer for Windows 10, 11 in 2025

In this comprehensive overview, we delve into the best free PC cleaner and optimizer tools…

2 days ago

The Best Anti-Malware and Protection Software for Windows PC

If you want to protect your system against malware attacks, then you can take the…

2 days ago

Windows Boot Manager Download and Enable or Disable it: Complete guide 2025

Imagine a situation where you power on your computer, but the Windows operating system does…

2 days ago

HAVIT Mouse Driver/Software Download for Windows

HAVIT is a global consumer tech brand that manufactures various computer peripherals, such as a…

2 days ago

Best Sandbox Games for PC to Play in 2025

Imagine yourself creating the worlds and castles of your dreams in a sandbox. Amazing is…

3 days ago