Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management

Database Left 267 Million Facebook IDs Exposed: Report

Security Researchers Say Criminal Group Scraped Phone Numbers and Other Data
Database Left 267 Million Facebook IDs Exposed: Report

An unsecured Elasticsearch database exposed the identities and phone numbers of over 267 million Facebook users for about two weeks, according to a new research report.

See Also: The Evolution of Email Security

The information contained in this Elasticsearch server appears to have been harvested by cybercriminals during an illegal data scraping scheme, according to security researcher Bob Diachenko and privacy advocacy firm Comparitech, the collaborators on the report.

Cybercriminals not only uploaded the data to an online database, but also posted it to a hacker forum on Dec. 12, the report states. Most of the data came from U.S. Facebook users.

In addition to the Facebook identification, the database contained users' full names, telephone numbers and a timestamp. The Elasticsearch server also included a landing page with a login dashboard and welcome note, the report notes.

"Facebook IDs are unique, public numbers associated with specific accounts, which can be used to discern an account's username and other profile info," the report adds.

Scraping Scheme

The data collected in the Elasticsearch server is likely the result of an illegal scraping scheme carried out by cybercriminals operating in Vietnam, according to the report. The researchers, however, did not specify what led them to that conclusion.

Although it's not clear how the data was scraped in this case, such scraping typically involves a large number of automated bots that sift through webpages, copy data and then store it in a database, according to the report.

One possibility is that the phone numbers came from an API that Facebook released to third-party app developers several years ago. This API allowed developers to add social content to their applications by accessing users' profiles, friends list, groups, photos and event data, the report notes.

Facebook users' phone numbers were available through this API until the company closed off access in 2018. Over the last year, the social media company has been changing the way third-party developers access its data, and in November, it announced further restrictions on data (see: Facebook: Developers Wrongfully Accessed User Data - Again).

"We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people's information," a Facebook spokesperson tells Information Security Media Group.

It's also possible that the cybercriminals in this case scraped data from publicly available user profiles, according to the report.

The report notes that the data that was scraped could be used for spam or phishing campaigns, especially through SMS messages sent to a victim's smartphone.

Another Incident

This is the second time since September that security researchers have found an unsecured database containing Facebook IDs as well as phone number from users' accounts.

In September, Facebook confirmed that unsecured cloud-based server contained more than 419 million users' phone numbers and other data that had been scraped from the company's social network (see: Facebook: 419 Million Scraped User Phone Numbers Exposed).

Facebook has been attempting to clamp down on data leaks since the company was fined $5 billion in July by the U.S. Federal Trade Commission and the Department of Justice (see: It's Official: FTC Fines Facebook $5 Billion).


About the Author

Scott Ferguson

Scott Ferguson

Managing Editor, News Desk

Ferguson is the managing editor for the news desk at Information Security Media Group. He's been covering the IT industry for more than 13 years. Before joining ISMG, Ferguson was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.