Another Failure In Protecting User Data: Information Of 267 Million Facebook Users Was Exposed Online

Facebook’s privacy scandals seem endless, making us wonder when it will be able to protect its user data properly. In the latest incident, information on over 267 million Facebook users including user ID, names, and phone numbers was exposed in a public database.

The database in question, which anyone can access, was found by a security researcher on December 14. The databased has since been pulled down, but it was not protected with any safeguard measures, not even a password. All the information was accessible to anyone for two weeks before getting removed. As reported by UK technology research company Comparitech, someone else also exposed the data on a hacker forum and made it available for download.

The incident once again makes people question if Facebook is spending enough effort on protecting its user data, which includes over 2 billion people from every part of the world. It also reminds us that we should be aware of which of our information is being shared on the platform.

According to the research firm, the exposed data puts Facebook users at the risk of phishing and spam campaigns. From a user ID, one can figure out that person’s username on the network as well as other profile information.

The security researcher who discovered the exposure said that criminals in Vietnam might have obtained the data in two ways. One, they might exploit the network’s API (app programming interface), which allows developers to access users’ groups, photos, and friend lists among other data. That might take place before the access restriction Facebook imposed on user phone numbers last year or afterward due to a security hole. In addition, they could have scraped the data from public profiles using automated technology.

According to an email from the researcher, there was a welcome page along with a dashboard that was linked to the database, including a Vietnamese invitation that asked for a password and login. The database appears to be set to public by mistake, he said.

A Facebook spokesman stated that the firm is looking into this matter but thinks that the data was likely to be harvested before the changes on user information like access restriction to phone numbers.

So many data breaches before

This is obviously not the first time Facebook has got involved in a data breach. We can’t even start without recalling the Cambridge Analytic scandal, in which 87 million users were affected by a massive data harvest without their permission. The social giant was also criticized for storing passwords of hundreds of millions of people in plain text.

Then in April, UpGuard security researchers discovered that over 540 million user records were on a public database on Amazon’s cloud servers. TechCrunch reported in September that a server contained databases with over 419 million records on Facebook users in the UK, US, and Vietnam. However, according to the social giant, the server included about 220 million records. The researcher said, though, that the latest exposure included similar data but not the same one.

In September, a similar database was found online. It remains unclear if it’s the same person that’s posting the information this time.

How to protect yourself from a data breach?

Unfortunately, one of the best and proactive things you can do is changing your privacy settings so that no other search engines than Facebook can link to your profile. You also have the option to deactivate or delete your account any time you want.

>>> All You Need To Know About Facebook Password Sniper - 2020 Updated