Facebook leaks names, phone numbers and emails of over 267 million users and employees

A new data protection scandal affects Facebook users and employees. According to specialists, more than 267 million user IDs, phone numbers and usernames were exposed due to an unprotected database, so threat actors were able to use this exposed information to deploy phishing and spam campaigns.

The database was reported by renowned researcher Bob Diachenko, who specializes in the search and reporting of information exposed online. A report from security firm Comparitech mentions that access to the database has already been disabled, however, before securing the information an unauthorized user copied the database and uploaded it to a hacking forum, from where it is possible to download it.

The information presented appears to belong to Facebook users based in the United States and includes personal details such as full name, Facebook identification key and phone numbers, data protection experts report.

In preparing the report, Diachencko mentioned that the data would have been compromised due to an information collection campaign or a social network API failure. Data collection on the platform goes against Facebook’s usage policies, although it is a very difficult practice to combat, especially when people use Facebook as a public profile.

The main measure that Facebook users can implement against these data collection activities is to change their profile settings. In the “Do you want search engines outside Facebook to link to your profile?” you must select the option “No”; this way only your contacts within the platform will have access to your information. Ignoring SMS from unknown numbers is also a good security measure, data protection experts say.

Facebook has faced data protection issues multiple times this year. Just a few weeks ago, confidential information of Twitter and Facebook users was compromised due to the use of malicious Android apps, downloaded from sources outside the official Google Play Store platform. A couple of months ago it was also reported that an API bug gave some developers access to multiple details about participants from thousands of Facebook groups.

However, data protection specialists from the International Institute of Cyber Security (IICS) say one of the worst incidents occurred in September, when an exposed database containing telephone numbers was discovered associated with millions of Facebook accounts, some records even showed the names of users.

These kinds of incidents happen all the time and social media companies seem to do very little to protect the information under their backing, so users need to take additional precautions. Periodic password reset is a good option to prevent these incidents because, in case a data breach reveals these details, the user’s access credentials might be out of date, protecting their data to a large extent.