The hack was first discovered by Comparitech security researcher Bob Diachenko, who spotted the Facebook repository that had been exposed for over two weeks. While the company has taken care of the security, the data has already appeared on various hacker forums. The data had been available in Elasticsearch, a distributed full-text search engine, since the first week of December.
The more than 267 million records did not include passwords or highly sensitive information. But the data includes full names, timestamps, phone numbers, and Facebook IDs, which is enough for cyber-criminals to find your Facebook profile and gather intelligence for phishing attacks. The database is ideal for conducting SMS-based scams.
Security researcher Diachenko said, “A database this big is likely to be used for phishing and spam, particularly via SMS. Facebook users should be on the lookout for suspicious text messages. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”
Most of the affected users are from the US. Those who have not set their Facebook profiles to “private” are the victims of the cyberattack. After discovering the database leak, Diachenko and his team alerted the ISPs hosting the information. It is not clear if the information was stolen by hackers. The company has a long history of neglecting user privacy. With Facebook launching its own OS, the company needs to take user privacy seriously.