Security & Fraud

Hackers Access Unsecured Facebook Database With 267M Users’ Info 

Hackers Access Unsecured Facebook Database With 267M Users’ Info

Security researcher Bob Diachenko and Comparitech discovered that a Facebook database with 267 million user IDs, phone numbers and names was left unsecured and accessed by hackers, who uploaded it to a downloadable format, according to a report

Diachenko said he thinks the breach is because of an illegal bot scraping operation or even criminals who figured out how to abuse Facebook’s API. The originators of the database are suspected to be in Vietnam.

With the information, criminals could potentially launch a large-scale phishing campaign, either by SMS or other means. While Diachenko immediately notified the internet service provider about the breach, he noted that the information was also posted to a hacker forum.

It took about two weeks for the access to the database to be removed, according to the report. It was first indexed on Dec. 4, and then posted as a download on the forum on Dec. 12. On Dec. 14, Diachenko reported it and by the 19th it was unavailable.

He believes that the data did not belong to anyone, but was originally stolen by a criminal organization. That’s why Diachenko went right to the service provider.

Each record contained a unique Facebook ID, a phone number, a timestamp and a full name. IDs are unique and can be used to figure out more information about people.

The exact method for theft is not clearly known. It could have been a manipulation of Facebook’s API, which developers use to add social aspects to their own apps. However, it could also be a simple bot that was created to scrape phone numbers off of public profiles, as well as other information.

There’s also the possibility that there was a hole in security in the API that criminals took advantage of and used to perpetrate the crime. 

This particular type of breach would most likely be used for a spam or phishing campaign.



New PYMNTS Report: The CFO’s Guide To Digitizing B2B Payments – August 2020 

The CFO’s Guide To Digitizing B2B Payments, a PYMNTS and Comdata collaboration, examines how companies are updating their AP approaches to protect their cash flows, support their vendors and enable their financial departments to operate remotely.