An unsecured database exposed more than 267 million Facebook user IDs, phone numbers, full names, and timestamps. The database was exposed to the web without any authentication, so anyone with the web URL could access it.

Security researcher Bob Diachenko, in partnership with Comparitech, uncovered the Elasticsearch database, which was found to have been open for nearly two weeks.

Diachenko believes that cybercriminals in Vietnam scraped the data illegally by abusing the Facebook API, and that it can be used to conduct mass spam and phishing campaigns.

Data Posted on Hacker Forum

The database was found to be indexed on December 4th. The bad news is that the Facebook users' data was posted on a hacker forum on December 12th. Details posted on hacker forums can reach several cybercriminals, who can use the data to launch sophisticated attacks.

Diachenko uncovered the data on December 14th, and it was reported to the ISP. The database was finally taken down on December 19th.

What are the Details Exposed

According to Diachenko, Facebook’s API could have a security hole that allows cybercriminals to scrape the details. The exposed details include:

  • A unique Facebook ID
  • A phone number
  • A full name
  • A timestamp

“In total 267,140,436 Facebook users records were exposed. Most of the affected users were from the United States. The server included a landing page with a login dashboard and welcome note,” Diachenko says.

Facebook restricted the data in 2018. Before that, details such as check-ins, likes, photos, posts, videos, events, and groups were accessible, so the data was possibly scraped before the restriction.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.