In yet another data breach, it appears that Facebook has accidentally let slip a bunch of user IDs, phone numbers and names.
This information comes from a new Comparitech report. The company worked with security researcher Bob Diachenko to discover the cache of data, which it believes was exposed as the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam.
At first glance it might not appear to severe a sting (we give out our names and phone numbers to people all the time, right?) but this info could be used to conduct further, more malicious phishing attempts and spam people with unwanted texts.
Related: Facebook working on own OS to control AR future
Diancheko reported the leak to the service provider managing the IP address, but worryingly the information had already been posted on a hacker forum on December 12. Most of the users who had their data exposed were based in the US.
It’s not clear how the data could have been stolen by the malicious parties, but Comparitech suggested that it might have something to do with Facebook’s previous handling of phone numbers.
Until 2018 users could search for friends by typing in their digits, but Facebook decided to put a stop to this.
In a post from April of last year, the company said: “Malicious actors have abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery […] So we have now disabled this feature.”
A company spokesperson also seemed to hint that this was behind the leak. Speaking with Endgadget, they said: “We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information.”
Related: This Facebook breach may be scariest yet
This is far from the first time that Facebook data has been found floating around the internet by security researchers. In April, UpGuard Cyber Risk found two databases full of Facebook information, some of which contained full passwords. And in November, a new privacy ‘bug’ was discovered that would allow malicious actors to hijack iPhone users’ cameras.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.