Categories: Workspace

Facebook Investigating Report Of 267m User Records Posted Online

Facebook said it is looking into a report that personal details of more than 267 million of its users were made publicly available online.

The report is the latest of a string of privacy failings at the company, even as it has pledged to make privacy a priority as part of its record $5 billion (£3.85bn) FTC settlement over historic privacy violations earlier this year.

Technology website Comparitech and security researcher Bob Diachenko said they uncovered an Elasticsearch cluster with some 267,140,436 user records, including unique Facebook ID numbers, phone numbers and full names.

Most of the users affected were in the United States, Comparitech said.

Facebook chief executive Mark Zuckerberg at Facebook’s F8 developer conference in 2018. Credit: Facebook

Data leak

The cluster, first indexed on 4 December, was accessible without a password or any other authentication.

Comparitech contacted the ISP controlling the server to have the cache removed, but said the data was also posted to a hacker website.

The data appears to have been either illegally scraped from publicly available Facebook profiles or obtained via Facebook’s own APIs prior to 2018, when technical changes made such data leaks more difficult.

It’s also possible that the data was obtained via a security hole in Facebook’s API, Diachenko said.

Criminals in Vietnam are likely to be responsible for gathering the data, Comparitech said, adding that it could leave users exposed to spam and phishing attacks via telephone.

Phishing risk

“The information contained in the database could be used to conduct large-scale SMS spam and phishing campaigns, among other threats to end users,” Comparitech said.

The company advised users to be wary of unsolicited SMS messages and phone calls and to change their privacy settings to reduce the risk of data scraping.

Facebook said it was “looking into this issue”.

It added that the data was likely to have been obtained “before changes we made in the past few years to better protect people’s information”.

In September a security researcher found another database containing 419 million records tied to Facebook accounts, and last year a hack exposed the data of 29 million users.

Errors by third parties have exposed 540 million Facebook records, while earlier this year 20,000 Facebook staff were found to have access to 600 million users’ passwords.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Apple Shareholders Vote On Chinese App Removal Policies

Apple's policy to obey Chinese government orders to remove certain apps from its App Store in China is facing a…

10 hours ago

Google To Spend Billions On US Data Centres

Alphabet CEO Sundar Pichai confirms plan to spend $10 billion in 2020 on Google data centres and offices across the…

10 hours ago

NTSB Slams Tesla’s Autopilot Safeguard, Blames Regulator Oversight

Tesla and US safety regulators criticised over a lack of safeguards in a fatal 2018 Autopilot crash by US National…

11 hours ago

AI and Public Standards

As the Committee on Standards in Public Life release their awaited report considering AI and its impact on the delivery…

14 hours ago

US Supreme Court Rejects Apple Appeal Against VirnetX

Bad news for Apple, as the US Supreme Court rejects iPad maker's appeal against a $440m patent infringement financial penalty

15 hours ago

Met Boss: Facial Recognition Less Concerning Than Knife In Chest

The United Kingdom's most senior police officer Cressida Dick has strongly defended the use of facial recognition by police forces

17 hours ago