–Isabella Arcena

A joint report claims that more than 267 million names, phone numbers and user IDs of Facebook users was available on the dark web last year on December.

The information was freely available for at least two weeks, according to a joint report from Comparitech and researcher Bob Diachenko.
The report indicates the materials first were made available on Dec. 4, then were transferred to a hacker forum eight days later. The information has been removed after Diachenko informed the forum’s internet service provider about the unsecured information. The database belongs to “a criminal organization” in Vietnam “according to the evidence,” the researchers said.

Comparitech claimed the information may have been obtained by “scraping,” which is a technique where bots copy and collect data from web pages.

“We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information,” Facebook said in a statement.

Comparitech partnered with security researcher Bob Diachenko to uncover the Elasticsearch cluster. Diachenko believes the trove of data is most likely the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam, according to the evidence.

The information contained in the database could be used to conduct large-scale SMS spam and phishing campaigns, among other threats to end users.

● Timeline of the exposure

The database was exposed for nearly two weeks before access was removed. Here’s what we know:

December 4 – The database was first indexed.

December 12 – The data was posted as a download on a hacker forum.

December 14 – Diachenko discovered the database and immediately sent an abuse report to the ISP managing the IP address of the server.

December 19 – The database is now unavailable.

Typically, when we find exposed personal data like this, we take steps to notify the owner of the database. But because we believe this data belongs to a criminal organization, Diachenko went straight to the ISP.

In total 267,140,436 records were exposed. Most of the affected users were from the United States. Diachenko says all of them seem to be valid. Each contained:

A unique Facebook ID

A phone number

A full name

A timestamp

The server included a landing page with a login dashboard and welcome note.
Facebook IDs are unique, public numbers associated with specific accounts, which can be used to discern an account’s username and other profile info.

● Facebook scraping

How criminals obtained the user IDs and phone numbers isn’t entirely clear. One possibility is that the data was stolen from Facebook’s developer API before the company restricted access to phone numbers in 2018. Facebook’s API is used by app developers to add social context to their applications by accessing users’ profiles, friends list, groups, photos, and event data. Phone numbers were available to third-party developers prior to 2018.

Diachenko says Facebook’s API could also have a security hole that would allow criminals to access user IDs and phone numbers even after access was restricted.

Another possibility is that the data was stolen without using the Facebook API at all, and instead scraped from publicly visible profile pages.

“Scraping” is a term used to describe a process in which automated bots quickly sift through large numbers of web pages, copying data from each one into a database. It’s difficult for Facebook and other social media sites to prevent scraping because they often cannot tell the difference between a legitimate user and a bot. Scraping is against Facebook’s–and most other social networks’–terms of service.
Many people have their Facebook profile visibility settings set to public, which makes scraping them trivial.

A database containing more than 267 million Facebook user IDs, phone numbers, and names was left exposed on the web for anyone to access without a password or any other authentication.

Comparitech partnered with security researcher Bob Diachenko to uncover the Elasticsearch cluster. Diachenko believes the trove of data is most likely the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam, according to the evidence.

The security breach could call into question Facebook’s plans to develop its own digital coin. Users would be required to provide sensitive information in order to use any such coins for transactions, creating a risk that bank accounts could be compromised.

SOURCE:

https://www.comparitech.com/blog/information-security/267-million-phone-numbers-exposed-online/

DarknetEXP

DarknetWatchPHILIPPINES