Credentials of 267 million Facebook users exposed

In the latest case revolving around data breach this year, personal data of 267 million Facebook users was exposed online on a database. Earlier this year, data of 49 million Instagram users and 419 million Facebook users was exposed in databases online.

According to a report by Comparitech and security researcher Bob Diachenko, personal data consisting of user IDs, phone numbers and names of 267,140,436 Facebook users was left exposed on a database online. This database could be accessed by anyone on the web without a password or any form of authentication and hence, it could be used for SMS spams and phishing attacks. Also, the data of those 267 million Facebook users, apart from being available on the database was also posted on a hacker forum for anyone to download.

On receiving information about the data leak, Diachenko contacted the internet service provider so that the accesses to the IP address of the database could be removed from the servers. However, the database was exposed online for almost two weeks before the Internet Service Provider (ISP) revoked access to the database.

According to Diachenko, the hackers could have exploited a security hole in Facebook’s API. The researcher also said that there is likelihood that the data could have been stolen without using Facebook APIs. There is a possibility that hackers could have gathered this data from “publicly visible profile pages”.

In response to the data leak, Facebook said in a statement to the United States based media channels that it was looking into the matter. The company however believes that the leaked information would have been obtained before it made changes in the past few years to better protect people’s information.