Phone numbers and names of more than 267 million Facebook users leaked online, risk of being used for fraud


Phone numbers and names of more than 267 million Facebook users leaked online, risk of being used for fraud


Perform IT-related reviews and surveysComparitechIs a security researcherBob DiachenkoWorking with him, he discovered that the phone numbers and names of more than 267 million Facebook users are publicly available in publicly accessible online databases. At the time of writing, the database had already been deleted, but the data was leaked to hacker forums and Comparitech warned that the data could be used for SMS spam and phishing scams.

Report: 267 Million Phone Numbers & Facebook User IDs Exposed Online

Millions of Facebook user phone numbers exposed online, security researchers say-CNET

Comparitech and Diachenko are working to find unsecured databases online and report issues such as data leaks. On December 14, 2019, Diachenko said a large amount of Facebook user dataElasticsearchI discovered that it was published online as a database.

The database discovered this time seems to have stored a total of 26,714,436 Facebook user data, and most of the affected users were people living in the United States. Also, each record included Facebook account ID, phone number, full name. Diachenko believes that the data leak was not accidental, but was likely to have been intentionally leaked by a malicious person.

by madartzgraphics

According to Diachenko, it takes about two weeks from when the database was released to when it was finally deleted, and the following timeline progressed from data leakage to database deletion.

・ December 4, 2019:The database is indexed first.
・ December 12, 2019:Data is posted to the hacker forum in a downloadable state.
・ December 14, 2019:Diachenko discovers database and manages server IP addressesISPImmediately send an abuse report to.
・ December 19, 2019:The database is deleted.

In general, if you discover that a database has been published online and your personal information has been leaked, it is common practice to first notify the database owner. However, Diachenko explained that he had contacted the ISP directly because he believed that the data breach was apparently caused by a malicious criminal organization.

by iAmMrRob

It is not clear how the culprit got the Facebook account ID and phone number, etc.Facebook restricts access to phone numbers from Facebook API for developers in 2018Earlier, it could have been stolen via the Facebook API, posing as a third-party developer. Diachenko also points out that there may be security holes that could allow criminals to access more detailed information even after Facebook APIs have restricted access to phone numbers.

Another possibility is that from your Facebook profile page,Web scrapingThe data was collected using. Although scraping that automated bots copy data from web pages violates the terms of use of most SNS including Facebook, it is difficult to actually prevent scraping. Many people make their Facebook profile public, but if you want to reduce the damage caused by scraping, you need to take measures such as restricting the scope of the profile.

It is said that information such as phone numbers and names stored in the database leaked this time may be used for spam and phishing scams via SMS, and Facebook users need to pay attention to suspicious text messages Comparitech is ringing a bell. Even if the sender knows the personal information, including the name, it is dangerous to trust it easily because it is possible to gather more personal information based on the leaked information.

Diachenko points out that the culprit involved in the outflow was likely to be Vietnamese because Vietnamese was included in the welcome page and login dashboard linked to the database.

Copy the title and URL of this article

Source link

Do you like this article??

Show More

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button