A database holding personal data of 267 million Facebook user accounts, including user IDs, phone numbers and names, was recently exposed on the web.
Comparitech, working with Bob Diachenko, spotted a repository of Facebook users’ data that had been exposed online for several weeks. The researchers found that the Facebook database initially appeared on Elasticsearch and was later published on a hacker forum. Two days after discovering the leaked database, Diachenko sent an abuse report to the ISP associated with the IP address. On December 19, the leaked database was removed from Elasticsearch.
Luckily the database records did not include user passwords, but rather names, IDs and phone numbers that could potentially be used for conducting large-scale SMS spam and phishing scams, not to mention other possible threats to Facebook users.
Unfortunately, we can only assume that a large number of online criminals and hackers were able to grab the leaked database information before it went offline. No one knows how the data actually leaked online, but researchers suspect that a group could have gained access to Facebook’s system through a security flaw or by using Facebook’s developer APIs.
Facebook, which is investigating the incident, believes that the data was taken before it changed the API rules last year.