Facebook has been having quite the problematic year, and it seems to have somehow gotten worse. More than 260 million Facebook user phone numbers, names, and other secure data may have been exposed via an open database.
This is just the cherry on top for the social media behemoth, who has been struggling with privacy and security issues in recent times. CNET reported the data leak early yesterday morning after speaking with security researcher Bob Diachenko. According to the report, Diachenko uncovered the database on December 14th and found that it had an open door to anyone privy to its existence. No passwords nor other safeguards were required to access the data within.
Diachenko has confirmed that access to the database has since been disabled. However, the information may have been out in the wild for two weeks. The information has also been available to download on a hacker forum according to a UK technology firm working with Diachenko, Comparitech.
Comparitech has stated that the leaked data has created a window of opportunity for phishing scams, and spam. User ID included in the leak can trace back to the user’s profile and contact information. This has been another major blemish in an already harsh year of valid criticisms towards Facebook. Earlier this year, Cambridge Analytica collected the data of over 87 million Facebook users with concent. This leak, however, is on a much larger scale.
Diachenko believes that the user information may have been obtained by criminals in Vietnam by either exploiting Facebook’s application programming interface or utilize automated technology to scrape information off public profiles. Speaking with Diachenko via email, he said that a welcome page and dashboard associated with the database linked to a Vietnamese invitation to input a login and password. Additionally, Diachenko said that the database’s access must have been a mistake and that “there are no good reasons to publicly expose this data.”
Facebook is aware of the problem and believes the data was scraped before it could safeguard user information. As of now, users can only utilize the security option in their profile to avoid search engines outside of Facebook from linking to their profile or delete their profile altogether.