The security researcher Bob Diachenko, released recently the news about the filtration of a database containing personal details of 267 million Facebook users, in which they will have been compromised. This database would be available on the Internet without the need for a password or other authentication. Analysts believe that this database is still the result of Facebook API abuse operations.
According to security researchers, The data that was exposed contains phone numbers, Facebook IDs, and usernames. This adds to a long list of privacy and security issues that continue to plague the world's largest social network.
The information contained in the database could be used for spam and phishing campaigns Large-scale SMS, among other threats to end users, the report said Thursday, adding that the majority of affected users were from the US.
The revelations come at a time when Facebook is trying to regain the trust of its users by protecting their data after the Cambridge Analytica scandal that badly hit its reputation.
The security researcher Bob Diachenko discovered the database last week and worked with Comparitech, a British technology research company, to publish a report on the subject.
According to the two entities, the database, which has since been removed, it was not protected by a password or any other protection measure. According to them, before removing access to the database, the information it contained had been made public for almost two weeks.
Similarly, According to Comparitech, someone had also made the data available for download on a hacker forum. In this context, the report indicates that having this data allows scammers to launch new phishing scams and correlate the data from telephone statements with Facebook user profiles.
Diachenko was able to trace the database back to Vietnam, but it was unable to identify exactly how the data was accessed or used for.
In addition to that, the in-depth analysis indicated that data was possibly compromised by an API that gives developers access to background data such as friend lists, groups, and photos.
Facebook's API could also have a security hole that would allow criminals to access user IDs and phone numbers even after access was restricted, Diachenko said.
Another possibility is that the data was stolen without using the Facebook API and was instead removed from publicly viewable profile pages, according to the report.
The report warned that Facebook users should be on the lookout for text messages suspects. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages, he added.
According to Comparitech, to prevent your information from being deleted of your profile, Facebook users must change their privacy settings to remove your profile from search engine results.
Comparitech also advises users to only allow their friends to see their messages. However, these small steps are not enough and some Facebook users may already be exposed.
This is not the first time that such a database has been exposed. In September 2019, 419 million records were exposed in various databases, including phone numbers and Facebook IDs. In addition to that there are concerns about the "supposed privacy of Facebook", as they raise questions about whether the company is doing enough to protect the data of its billions of users.
According to some specialists, Facebook is now struggling to properly manage its users' data, therefore many are raising the issue or campaigning for the dismantling of Facebook.