Posted on December 20, 2019 at 9:07 AM
Facebook is reportedly facing another data leak, this time affecting more than 267 million users, most of them Americans. The phone numbers, names, and user IDs of the affected Facebook users have already been shared on the dark web.
The database of these users was shared on the dark web for three weeks. However, Facebook says it has corrected the leak to prevent a future hack.
Experts have pointed out that users identified in the database could be targeted by phishing schemes or spam messages.
Researcher Bob Diachenko and Comparitech, a cybersecurity firm, discovered this leak on Thursday. However, no one knows yet how the sensitive data was exposed.
Diachenko set up tracing software on the leaked database and found that it was leaked in Vietnam. He suspects one of two scenarios for how the hackers obtained the data: either it was stolen through Facebook's developer API, or it was taken through an illegal scraping process.
Facebook has patched the leak, but the damage has been done
A Facebook spokesperson has revealed that the database has been patched, and no further leaks are possible. He said the company is currently investigating the issue, stressing that the information was likely exposed before the changes the company made to better protect users' data. In April last year, Facebook cleared phone numbers from its API platform after the Cambridge Analytica scandal. This means that there were no recent numbers included in the stolen data. Any number included there may have been more than 18 months old.
But the move came a little too late, because part of the stolen data had already been seen on the dark web. It was available for the past two weeks to anyone, without a password. A popular hacker forum posted a download link to the data.
Diachenko reported that the leaked data was first released on the web on December 4 but appeared on a popular dark web forum on December 12. Diachenko immediately reported it to the ISP in charge of the IP address as he believed the information was illegally taken from Facebook.
The data contained Facebook IDs. According to Comparitech, these are public numbers linked to Facebook profile accounts, which a hacker could use to get other profile information and the account's username.
It is the third major data incident for Facebook within the space of one year. The first was the Cambridge Analytica scandal last year. The second happened more recently, in September this year, when more than 400 million phone numbers of Facebook users were exposed.
Last year, it was discovered that Cambridge Analytica had used the personal information of more than 400 million Facebook users for political advising without their consent.
Users should be more careful with their personal information
A database as huge as this could be used for spam and phishing, and Diachenko has warned Facebook users to be very careful of the messages they receive.
He also stated that using related passwords for different user accounts is too much of a risk. Yes, password management may not be easy for some people, but better password habits could help you protect your data whenever there is a security breach of this nature, Diachenko concluded.
Comparitech also advises users to be careful before releasing any information to the messenger. According to the firm, users should be skeptical of any unsolicited message, even if the sender knows some basic information about them. If it's not coming from someone they know personally, it could be from a spammer.
Comparitech also advises users on how to minimize the risk of being targeted in future security breaches. The company said no single company is an impenetrable wall where a security breach cannot occur.
But it is up to users to stay on the safe side in case a security breach affects them. Users should tighten their security settings and provide limited information on their public profile. This will limit their exposure in case the data containing such a profile is breached, Comparitech reiterated.