2019 has been a year of many cyberattack incidents on notable companies in fields ranging from health to social media. The most recent of the attacks was launched on Facebook, exposing millions of Facebook user accounts.
According to a report, an unsecured Facebook database containing details and information of over 267 million Facebook user accounts was found on the dark web. In a report published on December 20, cybersecurity firm Comparitech, together with researcher Bob Diachenko, stated that the database uncovered on the dark web contained the Facebook IDs, full names and phone numbers of 267,140,436 users.
The report also revealed that the Facebook users whose accounts were exposed in the leaked database were residing in the United States. This means these people could be targets of phishing scams, spam, and fraudulent messages. Reports suggest that the leaked trove of vital information was exposed to dark web cybercriminals for two weeks.
The database first appeared on the dark web on December 4 and was the topic of a hacker forum eight days later. The leaked information may make victims easier to target with “large-scale SMS spam and phishing campaigns,” Comparitech said in the statement.
Aside from the names and phone numbers, each of the over 267 million leaked user accounts also had a unique Facebook ID and a timestamp. Comparitech explained that Facebook IDs are unique, public numbers associated with specific accounts, and that they can be used to determine an account’s username and other profile information.
The massive pile of Facebook user accounts has been taken down since it was uncovered by Diachenko. However, it was possibly downloaded several times by hackers and dark web cybercriminals in the hacker forum for a week. After he chanced upon the database, Diachenko reported it to the internet service provider managing the IP address, as he suspected the data belonged to a dark web criminal empire.
The report also stated that the database of Facebook user accounts was available without any password or authentication, and that a download link to it was posted in the dark web hacker forum. Comparitech has also warned that, even though the leaked database is no longer available on the dark web, it was likely copied to another destination or source, and that the leak shouldn’t be taken lightly since all the data seemed to be valid.
How the personal information of Facebook users got leaked on the dark web is still not clear, but Comparitech believes that it might have been done through a process called ‘scraping’. This is an illegal process, forbidden by Facebook’s terms of service, in which public information on Facebook profiles is copied by automated bots or stolen right from Facebook’s developer API.
Researcher Diachenko, however, stated that he tracked the leaked database to Vietnam but was not exactly sure how the breach occurred.
Facebook has since released a statement saying that they are looking into this issue, but believe this is likely information obtained before changes they have made in the past few years to better protect people’s information. The statement also added that when a Facebook profile is listed as ‘public’, it can become an easy target for scraping.
This security breach now adds to the list of breaches Facebook has suffered in the past few years. In September 2018, the social media giant saw a massive data leak, which had over 400 million Facebook user accounts exposed. This leaked data also had the names, phone numbers and other private information of users exposed to the public.
The 2018 security breach was followed by a major scandal, as investigations later revealed that Cambridge Analytica, then a British consulting firm, collected information of millions of Facebook users without their consent and used it for several political advertisements. Further investigations also stated that the total number of Facebook user accounts compromised was 87 million and that, out of that number, Cambridge Analytica only received permission from 270,000 to share their personal information.