On December 4th, security researcher Bob Dianchenko discovered a database containing over 267 million Facebook IDs, names, and phone numbers stored online without even a password to secure the information [^1]. He and his team of researchers believe this information was gathered and posted as part of an illegal scraping operation or Facebook API abuse. Dianchenko immediately took action and notified Facebook of the vulnerability; however, it wasn’t until 15 days later that the database was secured. Unfortunately, this was not quick enough, as hackers were able to access and steal the breached data for their own financial gain.
On December 12th, hackers posted a file containing the breached Facebook IDs, names, and phone numbers of more than 267 million users for sale on an online hacking forum on the dark web. Researchers were able to verify the authenticity of the shared data and confirmed that the information stolen and posted does contain real Facebook user information. This information can now be used to send spam messages, impersonate affected users, conduct phishing scams, and launch future cyberattacks. Because of this, victims need to be alert for a number of things:

- Victims may have trouble signing into their accounts after a hacker has changed their password.
- Account holders may notice messages and comments sent from their accounts that they did not write.
- Victims may receive a significant amount of spam email, as their email addresses have been made public to hackers and scam artists.
- Spam emails received by victims may include phishing links or clickbait intended to bring financial gain to hackers.
- Cyber criminals may create clones of victims’ Facebook profiles in order to scam their friends and loved ones.
- Accounts where victims used the same password that they used on Facebook may be hacked.

While Mark Zuckerberg often assures users that Facebook takes appropriate security measures to safeguard data against hackers, the company has consistently continued to hit news headlines for data breaches. What is even more alarming is that the company doesn’t seem to worry about these breaches too much because it has the financial standing to pay the fines associated with them. In fact, it has set aside $3 billion just to pay off fines associated with future data breaches [^2].