For nearly two weeks, the personal information of over a quarter of a billion Facebook users was left exposed for anyone to access. The database was published on an online hacker forum and included user names, phone numbers, time stamps and Facebook IDs. Facebook is currently investigating the data leak.
267 Million Users Affected
An estimated 267 million Facebook users were affected by the Facebook data breach. 99% of the users were from the US and most of the others came from Vietnam. Their personal information was freely accessible online for at least 10 days.
Independent cyber security consultant Bob Diachenko found that the database was first indexed on December 4 and was posted as a download on a hacker forum on December 12. On December 14, Diachenko discovered the database and immediately sent an abuse report to the internet service provider managing the server’s IP address.
As of December 19, the database was unavailable.
Various Possible Threats
With the help of the exposed data, scammers can launch sophisticated phishing scams to try to obtain more personal and financial information and to attempt identity theft. This information can also be cross-referenced with other personal data, such as physical addresses or birthdates, obtained in other data breaches.
It is not easy to estimate the value of personal information. This depends largely on the level of its importance, how complete the profile is, who is using the data and what it is being used for. Legally obtained batches of user profiles can be worth as little as 20 cents per account, while stolen information can change hands for anything from a couple of dollars to a few hundred dollars per identity.
To better protect personal information on Facebook, it is recommended to adjust the Facebook privacy settings so that only friends can see posts, and to always log out when using a non-personal device.
Facebook faces a huge challenge rebuilding trust, especially since personal information of Facebook users has been leaked on numerous occasions over the years in various data breaches.
The tech company is currently investigating this month’s data leak. “We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information,” a Facebook spokesperson told global news agency AFP.
Facebook removed phone numbers from its interface in April 2018, following the Cambridge Analytica scandal. Consequently, the leaked data is believed to be more than 18 months old.