Recent Facebook user ID and phone number leak affects millions

by Teodor Nechita
Teodor Nechita
Teodor Nechita
Software Managing Editor
Eager to help those in need, Teodor writes articles daily on subjects regarding Windows, Xbox, and all things tech-related. When not working, you may usually find him either... read more
Affiliate Disclosure

To fix various PC problems, we recommend Restoro PC Repair Tool:
This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues and remove viruses now in 3 easy steps:

  1. Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues affecting your computer's security and performance
  • Restoro has been downloaded by 0 readers this month.

Over 260 million Facebook users had their names, Facebook IDs and phone numbers exposed without any type of protection. They were left on a website in a way that was accessible for all, not even hidden behind a password.

Security researcher Bob Diachenko partnered with Comparitech to in order to find out what exactly was the issue with the Elasticsearch cluster.

How did the leak happen?

The security researcher believes the cluster of personal Facebook data is most likely the result of an illegal scraping operation or maybe even a Facebook API abuse by cyber criminals. At least, that was what the initial evidence leads to show.

Having this type of data at your disposal and at such a large scale is upsetting.  It would allow you to perform global-scale phishing and SMS scams.

Fortunately enough, the security specialist together with the server’s Internet service provider managed to limit access to the data as soon as possible.

The bad news is that all the data was posted on a hacker forum and it was available for download to anyone that visited the website.

How long did the exposure last?

Unfortunately, 267 million users IDs and phone numbers were exposed for a grand total of two weeks. It seems that the database was first indexed on December 4th. The data was then posted as a download on a hacker forum on December 12th.

It would only be until December 14 that Diachenko would discover the information leak and immediately sent an abuse report to the ISP managing server. The problem is that it was only until December 19 that they prohibited access to the data.

Do you think that Facebook should improve their security measures? Let us know in the comment section below.


This article covers:Topics: