In yet another data breach, it appears that Facebook has accidentally let slip a bunch of user IDs, phone numbers and names.
This information comes from a new Comparitech report. The company worked with security researcher Bob Diachenko to discover the cache of data, which it believes was exposed as the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam.
At first glance it might not appear to severe a sting (we give out our names and phone numbers to people all the time, right?) but this info could be used to conduct further, more malicious phishing attempts and spam people with unwanted texts.
Diancheko reported the leak to the service provider managing the IP address, but worryingly the information had already been posted on a hacker forum on December 12. Most of the users who had their data exposed were based in the US.
It’s not clear how the data could have been stolen by the malicious parties, but Comparitech suggested that it might have something to do with Facebook’s previous handling of phone numbers.
Until 2018 users could search for friends by typing in their digits, but Facebook decided to put a stop to this.
In a post from April of last year, the company said: “Malicious actors have abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery […] So we have now disabled this feature.”
A company spokesperson also seemed to hint that this was behind the leak. Speaking with Endgadget, they said: “We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information.”
This is far from the first time that Facebook data has been found floating around the internet by security researchers. In April, UpGuard Cyber Risk found two databases full of Facebook information, some of which contained full passwords. And in November, a new privacy ‘bug’ was discovered that would allow malicious actors to hijack iPhone users’ cameras.