Over 250 Million Facebook Users' Phone Numbers Were Exposed Online
A database exposing the names, phone numbers and Facebook user IDs of millions of users was left unsecured on the web for two weeks before it was removed. Bob Diachenko, a security researcher, discovered the unsecured Elasticsearch database. Diachenko thinks it belongs to a cybercriminal organization and not to Facebook. He reported it to the internet service provider that manages the server's IP address so that access could be removed.
It is still unclear how the information in the database was collected in the first place. One possibility is that the data was stolen through Facebook's developer API, which app developers used to access user profiles and connected data, before the company restricted developer access to phone numbers and other data in 2018.
The database was first indexed on Dec. 4 and was discovered by researchers on Dec. 14. While the database is now unavailable on the IP address where it was discovered, the data was also posted to a hacker forum as a download on Dec. 12. More than 250 million records were in the database including unique Facebook IDs, phone numbers, full names and a timestamp. The affected Facebook users in the database were mostly from the U.S., according to researchers.
Regardless of how the data was collected, users should adjust their privacy settings to private instead of public to decrease the chances of their profiles being scraped by third parties. Facebook users should be on the lookout for suspicious text messages. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.