A data breach has left Facebook users vulnerable… again.
On December 4, a database was discovered which contained over a quarter of a billion Facebook user IDs, full names, and phone numbers was first uploaded to the internet. It was then posted to a hacker forum on December 12. Two days later, it was discovered by a security researcher and reported it but it took another 5 days for it to be shut down. Most of the accounts affected were from the United States.
The data that was released could be used for large-scale SMS and phishing scams.
Comparitech and security researcher Bob Diachenko have uncovered a database containing more than 267 million Facebook users’ data that was left exposed online, with not even a password preventing unauthorized access to it.
The Elasticsearch cluster contained user IDs, phone numbers, and names of mostly US-based users. According to Diachenko, who examined the evidence, the data likely came from “an illegal scraping operation or Facebook API abuse by criminals in Vietnam.”
It was left exposed for nearly two weeks starting December 4, and is now unavailable – but not before it was allegedly shared as a download on a hacker forum.
Source: The Next Web
Facebook users should be cautious of suspicious text messages. Even if the sender has some basic information about you like your name. If it’s unsolicited, don’t engage.
Facebook has been plagued by data breaches where the private information of millions of users has been exposed. Despite commitments to users to protect their data, Facebook doesn’t seem to be taking the problem very seriously and instead sets aside millions of dollars to pay for fines resulting from their failure to protect user data.
If you still have a Facebook account, here is how you can protect yourself from data breaches like this one.
Facebook users can minimize the chances of their profiles being scraped by strangers by adjusting their account privacy settings:
- Open Facebook and go to **Settings**
- Click **Privacy**
- Set all relevant fields to **Friends** or **Only me**
- Set **”Do you want search engines outside of Facebook to link to your profile** to **No**