Facebook has once again made it to the news owing to a security issue. However, this time, Facebook isn’t directly responsible for the matter. Instead researchers found a separate unsecured database that exposed Facebook users’ data online. The database included over 267 million user records.
Security researcher Bob Diachenko and Comparitech found an open database that exposed millions of Facebook users’ data online. The researchers estimate more than 267 million records were included in the leaky server.
As elaborated in a blog post by Comparitech, the researchers discovered an unsecured Elasticsearch cluster that included millions of users’ data.
Specifically, the total exposed records sum up to 267,140,436, the information predominantly belonged to the US users. The exposed details included users’ full name, unique Facebook ID, phone number, and time stamp events.
Presently, it isn’t clear that how the hackers collected all the data. Diachenko believes that the data likely within the records was obtained by a hacker/s. One scenario could be that the criminals gathered this data through scraping, or they abused a Facebook API. They could then possibly use the data for SMS spamming and phishing campaigns.
Upon finding the open database, Diachenko swiftly reported the matter to the ISP managing the IP address of the server. After his report, the database went offline.