If you start receiving more telemarketing calls, you can blame Facebook.
Recently, a security researcher named Bob Diachenko found a database of user account information, including names and phone numbers, for 267 million Facebook users. It was available in an unprotected format and copied to other hacker forums.
Reports indicate that this presents a treasure trove of data for telemarketers and spam purveyors because the data looks legitimate and comes from the social network itself, not from an untrusted source. (In some cases, leaked data that is old and outdated doesn’t help would-be scammers because the names and numbers are incorrect.)
Having this data means scammers can start new phishing scams and correlate the data from the phone records to Facebook user profiles.
The analyst says the data was potentially compromised through an API that gives developers access to back-end data, such as friend lists, groups, and photos.
He says at one time it was likely a protected, private database even on hacker forums, but was set to public and was readily available to anyone for about two weeks.
Hackers routinely download user information like this or purchase it on the Dark Web, but the difference with this data is that it has some authenticity since it also contains Facebook user information. And, because it contains phone numbers, it means hackers might be able to set up more sophisticated attacks that could include both a phone scam and an email scam.
(Although Facebook stopped requiring phone numbers for 2FA enrollment last May, phone number-based 2FA can still be the most usable option for many people.) In response to a tweet from a Page administrator pointing out this critical problem, Facebook has been forced to respond to user concerns and media reports.
Facebook has come under fire in recent years because of what some perceive to be lax security protocols. The most famous incident is related to Cambridge Analytica and how that company had harvested user data from Facebook by using an app that appeared to be an academic survey.
This latest breach is much larger in scope. The survey collected data from 87 million users, but this latest leak, according to the researcher, totals 267 million accounts.
There’s no new information about how users can find out if their data was hacked and if the database is still being shared on hacker forums.