Social networking website Facebook just suffered one of its largest data breaches yet, with more than 267 million users affected. According to Notebook Check, Facebook users’ IDs, phone numbers, and names were exposed to an online database. Though the basic information might not seem like that big a deal, the breach means that millions of Americans will likely become the targets of spam and phishing campaigns over the next few months.
The massive breach was discovered after security researcher Bob Diachenko came across the database containing millions of names and phone numbers on a website known as Elasticsearch. The website is known to hackers and other unethical web users, and has been the subject of controversy before.
The hacked information was first made public on December 9. By December 12, it was made available in downloadable form on a hacker forum. Diachenko uncovered the breach two days after that, on December 14, and alerted authorities. It has since been taken down.
Diachenko believes that the source of the hackers was a group of criminals in Vietnam, reports CNET. He added that the hackers could have gotten the information in two different ways. One could have been by using Facebook’s application programming interface, or API, that lets developers access data such as their friends list, photos, and groups. The other way would have been through the use of automated technology.
According to a Facebook spokesman, analysts at the social media behemoth believe that the data was obtained before a series of security changes were recently implemented by Facebook. In other words, current account security might have stopped the hackers if they had acted today.
This is not the first security breach that the Mark Zuckerberg-led company has faced this year. There was outrage after 540 Facebook user records — that included personal details like comments and likes — were found in a public database on Amazon’s cloud servers. All in all, analysts estimate that personal information of more than 700 million Facebook users has been hacked and publicly listed on internet forums.
The latest security breach is just one more headache for founder Mark Zuckerberg. The Harvard drop-out had already been facing much criticism after choosing not to fact-check political ads, particularly as the decision came after a dinner with President Trump and Paypal co-founder Peter Thiel at the White House.
The move has earned ire from celebrities and tech figures alike. As was previously reported by The Inquisitr, Borat star Sacha Baron Cohen slammed Zuckerberg for “profiting off propaganda.” However, Facebook is fighting back against the claims, arguing that they have hired additional fact-checkers to fight the spread of fake news.