According to a report by a cloud security course firm, two databases with more than 300 million Facebook user records were found exposed on the Internet to anyone’s reach. Security firm Comparitech, in collaboration with researcher Bob Diachenko, was in charge of the incident report, involving two Elasticsearch implementations. Although the investigation is still ongoing, the expert believes that this information is likely to be collected through abusive social media data search activities linked to gangs of cybercriminals based in Vietnam.
Among the compromised details is Facebook user
IDs, names and phone numbers linked to accounts. Threat actors could use this
information to deploy phishing campaigns, mass sending of spam SMS, and even
some variants of identity fraud. Although the researchers immediately reported
their finding, they noted that the database
had already been shared in a hacking forum.
Members of the cloud security course firm mention that a database with more than 260 million records was initially found. A few days later, researchers found a second exposed Elasticsearch implementation, containing more than 42 million records, so the incident has reached nearly 310 million exposed records.
It is a protocol in the cybersecurity community
to issue the report to the company that owns the database when a researcher
makes such a finding. However, because researchers believe this database is
managed by a cybercriminal group, researchers focused on trying to identify the
IP addresses associated with the databases, the cloud security course firm
It is not yet clear how cybercriminals gained
access to the phone numbers of affected Facebook users. The International
Institute of Cyber Security (IICS) considers that one possibility is
that information was extracted from a Facebook developer’s API before the
social network restricted access to this data.
It should be noted that developers outside
Facebook had access to this information before the company updated its policies
in 2018, so this data may be out of date.