In today’s world, social media is used all around the world. One of the most used social media is Facebook. But now all personal data of Facebook users are not safe. According to cybersecurity experts, over 267 million Facebook account holders were data found. These data were found on an uncover online database and were not even password protected. The unsecured online database contains Facebook user’s phone numbers, user IDs, and most US-based consumer names. Mr. Dyachenko, who examined the evidence, said that the data was likely caused by illegal scraping by criminals in Vietnam or abuse by the Facebook API. The database was exposed for more than two weeks starting from fourth December. Researchers believe that the information contained in the database can be used extensively to carry out spam and phishing campaigns, in addition to endangering users.
According to the report, the database was exposed for about two weeks. It was first published on December 4 and posted as a download on the hacker forum on December 12. The analyst searched the database two days later and sent a report of abuse to the ISP that handled the server’s IP address, which was then removed on December 19. According to researcher Diachenko, from the 267,140,436 records, the majority of affected users were from the United States. It’s unclear how the criminals obtained the user’s user IDs and phone numbers. One possibility is that the information is taken from the Facebook Developer API, earlier the company accessed the phone number until 2018 banned.
App developers use the Facebook API to add social contexts to their applications by accessing user profiles, friends list, groups, photos, and event data. Before 2018, phone numbers were available to third-party developers. According to Dyachenko, Facebook’s API may also have a security hole that allows criminals to access the user’s ID and phone number even after they have been banned. According to one of the Facebook spokespersons, this data might be leaked in some previous years, as in recent years, Facebook made some effective changes to protect the data of users. As the data is not safe at any online platform, everyone should try to avoid posting their information like bank account numbers, business email IDs, phone numbers, etc.