Shocking news arrived with the report that a Facebook database of millions of users' IDs, names, and even phone numbers was leaked on the web for anyone to access.
This is appalling, considering that Facebook is one of the social media platforms most used by millions of people.
Comparitech and security researcher Bob Diachenko reported the news, stating that the exposure of the data was the result of “an illegal scraping operation or Facebook API abuse by criminals in Vietnam.”
Diachenko was also of the view that this leak of essential user information could be used to conduct large-scale SMS spam and phishing campaigns, or for other threats to users.
What is even more shocking is that the data was exposed on the web for 2 weeks. It was first indexed on December 4, and on December 12 it was posted as a download on a hacker forum. Two days later, the analyst discovered the issue and sent an abuse report to the ISP managing the IP address of the server. Soon after that, on December 19, it was removed.
Diachenko added that the data was possibly stolen from Facebook’s developer API before the company restricted access to phone numbers in 2018.
Before 2018, phone numbers were available to third-party developers, and according to Diachenko, Facebook’s API could have a security hole that would have allowed cybercriminals to access phone numbers and IDs even after the restrictions. Facebook’s API is also used by many app developers to access users’ profiles, photos, friend lists, etc., in order to add social context to their applications.
Another possible explanation for the exposure is that the data was scraped from publicly visible profile pages.
Scraping is a technique in which large amounts of data are extracted from websites and saved to a local file on a computer or in a database format. It is against the terms of service of many social media platforms, including Facebook.
This incident is similar to the data breach incident related to Cambridge Analytica, in which an app that appeared to be an academic survey gathered user information from Facebook.