Facebook spills hot water again by exposing over 267 million Facebook users data. This time it seems like this is the worst data leaks ever the company has ever had since it was founded. The data which are exposed are the users’ personal details such as their phone number and names.
This data breach was first found by a cybersecurity firm named Comparitech and a researcher named Bob Diachenko. According to the cybersecurity firm, these huge amounts of data leak has been leaked on the web publicly. Seems like the hacker who uploaded the Facebook users’ database is left open without any authentication. This means anyone can access and view the details publicly without entering a password.
According to Comparitech, this data is not exposed overnight. The data was first indexed on 4th December. Then on the 12th of December, the hackers uploaded the database to a hacker forum. This is where publics can easily download the database file. Two days after, Diachenko found out about the database and reported to the ISP provider who manages the hacker forum server. The main reason Diachenko notifies the ISP provider because of the hacker forum belongs to a criminal organization. The good news is the ISP providers have already removed the database from the hacker forum.
Here’s the statement from Facebook:
We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information.
How hackers obtain this data?
According to the Comparitech, this could be done by doing the data scrapping. Data scrapping is a process where you can collect data from every web pages and copy it into the database. Back before 2018, developers can access to Facebook users information using its API. This causes some hackers to create apps to access Facebook users’ personal data. The evidence shows the source of the data breach could be from Vietnam says Diachenko.
After 2018, Facebook has already restricted developers to access Facebook user’s phone numbers via its API. However, Diachenko finds out that, there is a loophole on its API where it allows hackers to access to Facebook user’s data using the Facebook developer access.
What you should do if your data is exposed too?
The very first thing you should do is head over to the Facebook Settings page. Then click on the Privacy page on the left side and change all the fields to either “Only friends” or “Only me”. The last step is make sure you disable the search engine option. And you will be good to go. This will prevent hackers from scrapping your Facebook data.
