Latest Facebook data breach affects 267 million users, most of them from the US

Facebook is once again in the news for all the wrong reasons. A database containing more than 267 million user IDs and matching phone numbers has been discovered on the internet. The leaked dataset was found by security researcher Bob Diachenko, in partnership with Comparitech. Evidence suggests it was collected through an illegal scraping process or Facebook API abuse by criminals in Vietnam.

Whose data is affected?

Comparitech reports that a total of 267,140,436 user records were exposed. The dataset was apparently posted on a hacker forum where anyone could access it for nearly two weeks. It contained Facebook users’ unique IDs, phone numbers, full names, and timestamps. Diachenko says all of them seem to be valid. He also notes that most of these belongs to users in the United States.

Facebook IDs are unique to every account. So if your data was part of the latest leak, your phone number and name was available to all those who accessed the dataset.

What are the dangers of exposed data?

This information can be misused in a number of ways. For instance, phone numbers can be used to spread spam or phishing messages. It can also be used for SIM hijacking, wherein hackers can activate an existing phone number on a SIM card in their possession.

What is Facebook saying?

Facebook hasn’t officially revealed the number of affected users. However, it is in the process of investigating the incident. “We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information,” a Facebook spokesperson told AFP.

Facebook removed phone number access for third-party developers in 2018. Diachenko says Facebook’s API could also have a security hole even after access was restricted.

Scrapping could be another explanation for how this data was stolen. The method involves deploying bots to collect information from publicly available Facebook profiles.  Facebook’s terms of service declare scraping as illegal, but the social network doesn’t really have processes to keep it in check.

Looks like Facebook users have no respite from data leaks. There have been multiple such incidents concerning the social media platform since the well-known  Cambridge Audio Analytica fiasco. The only real way to keep your personal information safe is to not put it out there on Facebook.

Do you still have faith in Facebook’s ability to protect your privacy? Or do you just not care anymore? We’d love to hear your opinion. Drop us a line in the comments section below.