Data of 267 Million Facebook Users Exposed Online

A database containing the user IDs, names, and telephone numbers of 267 million Facebook users was exposed online for around two weeks as a result of a misconfigured Elasticsearch cluster. The exposed database was discovered by Bob Diachenko and security researchers at Comparitech. It is believed to have been created by individuals based in Vietnam. Most of the individuals whose data has been exposed are based in the United States.

This is not a data breach at Facebook but most likely a database that was created by scraping publicly accessible Facebook profiles, or potentially from data obtained through the Facebook API prior to 2018. The Facebook API allows developers to access profile data to add social context to their applications. Developers are given access to user profiles, group membership, friend lists, photos, and other data. Users' phone numbers were also accessible until 2018, when Facebook restricted access to phone numbers. Since phone numbers are included in the database, Diachenko suggests the data may have been obtained via a vulnerability in the Facebook API.

The database had been indexed by search engines on December 4, 2019. By December 12, the database had been made available for download on a hacking forum. Diachenko discovered the database on December 14 and notified the ISP, who took the database offline five days later.

There have been several large databases exposed online as a result of misconfigured Elasticsearch instances in the past few weeks. Last month, Bob Diachenko and Vinny Troia discovered a database containing the data of 1.2 billion individuals, including 622 million email addresses and 50 million phone numbers. Profile details had come from several social media networks, including Facebook, Twitter, and LinkedIn. The database belonged to California-based brokerage, People Data Labs.

A further 2.7 billion email addresses and 1 billion passwords were found by Diachenko earlier this month. The database mostly contained data on users in China. The data had come from several internet service providers including Sohu, Sina, and Tencent.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news