More than 267 million Facebook user IDs, phone numbers, and names were exposed online and accessible without any security, according to a report by Comparitech.
Security researcher Bob Diachenko discovered the unsecured database. The database is believed to be a “result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam, according to the evidence.” Upon discovery, Diachenko alerted the internet service provider managing the database so that it would remove public access. However, the data had already been posted to a hacker forum as a download.
According to Comparitech, the database included a user’s Facebook ID, their phone number, full name, and a timestamp. The majority of the users affected were from the United States. It is not yet clear how the criminals obtained the data, but Comparitech says that “One possibility is that the data was stolen from Facebook’s developer API before the company restricted access to phone numbers in 2018.” Another possibility could be that “the data was stolen without using the Facebook API at all, and instead scraped from publicly visible profile pages.” Comparitech mentioned that having a user’s Facebook profile visibility set to public makes it easier for criminals to scrape their data.
Comparitech recommends that Facebook users adjust their profile visibility settings to “Friends” or “Only Me” and set the “Do you want search engines outside of Facebook to link to your profile” setting to “No”.