Recently, researchers at cybersecurity intelligence firm Cyble came across a database with 267m Facebook user profiles. These profiles were being sold on the Dark Web; they would be verified and then added to the firm’s breach notification service. It is said that the researchers bought this data for a total of £500.
These records hold unique Facebook users’ IDs along with public numbers associated with specific accounts. These data are used to figure out an account’s username and other profile info. With full names, email addresses, phone numbers, timestamps for last connection, relationship status and age, these data hold a tremendous amount of information that invades human privacy.
Providentially, no passwords were exposed, but the breach still forms a perfect toolkit for promotion. The promotion may include an email or text phishing campaign that looks like it’s coming from Facebook itself. If a large audience is lured into clicking on spear phishers’ rigged links, it could lead to the exposure of a huge amount of valuable data.
How did the data get leaked?
Cyble says in a blog post that the reason is unknown, but researchers suspect that it could be a leak in Facebook’s developer API or the result of scraping.
Scraping is basically the automatic sucking up of publicly available data (like the kind people often publicly post on Facebook and other social networks).
It doesn’t stop that easily?
Well, that’s not all. After some digging, it came to light that this same database had been posted before. It was spotted by security researcher Bob Diachenko and was later taken down by the ISP hosting the page.
It then reappeared, fattened up with another 42 million records, in an Elasticsearch cluster on a second server. The chaos doesn’t stop there: an unknown actor or actors made sure to stop the breach by replacing personal info with dummy data. They swapped in database names labelled with this advice: “please_secure_your_servers”.
This work was done last month by Diachenko in partnership with the tech site Comparitech. Comparitech said that the database was exposed for nearly two weeks, available online with no password protection before it was taken down.
Insights on the data breach:
It is said that this initial breach exposed 267,140,436 records of what were mostly Facebook users in the US. It was verified by Diachenko that all of the records were valid. Moreover, these same 267m records were exposed on the second server in March 2020. Only this time, the exposure included an additional 42 million records, hosted on a US Elasticsearch server.
Along with that, Comparitech said that an additional 25 million of the new records contained similar information. The data contains Facebook IDs, phone numbers, and usernames. Beyond that, 16.8 million of the new records had even more, including gender, email address, birth date and other personal data. This was a severe breach that compromised the privacy of millions of users.
The Question Remains?
Neither the Cyble researchers nor Diachenko is sure how the breach happened. However, both suggest that it could have been a hole in Facebook’s third-party developer API.
Moreover, they suggest that this hole might have existed before the platform restricted access to phone numbers. This lets crooks get at our user IDs and phone numbers even after Facebook restricted that access in the API.
In conclusion to this breach, both Cyble and Diachenko believe that the records might have been harvested by scraping. So, you might want to rethink how much data you’re publicly sharing on Facebook.
We know how important social media is, and it is an integral part of our lives. But we might want to think twice, and verify our own safety, before overexposing ourselves on social media. Let’s not forget to take care of our cyber safety before giving away too much information.