Survival Update

The world is yours

Massive Data Breach Exposes 267 Million Facebook Users… Again

It would appear Facebook honcho Mark Zuckerberg has once again put millions of FB subscribers unwittingly at risk, after using his massive social media platform. This time on an unsecured database on the “dark web,” for an astounding two weeks before the breach was discovered, exposing 267 million American user’s names, personal IDs, and phone numbers.

According to reports, the data dump was discovered by a cyber-security firm called Comparitech, along with security annalist researcher Bob Diachenko who discovered the data dump around December 14th and immediately reported it to the internet service provider managing the IP address as he suspected the data belonged to a criminal organization.

Though the database is no longer available online as of Thursday, it is possible that it was copied elsewhere prior to being taken down, Comparitech warned, noting that all the data appeared to be valid.

A Facebook spokesperson confirmed to that the database had been taken down and said: ‘We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information.

The social media giant is still reeling from a massive security breach in September in which more than 400 million user phone numbers were exposed.

This latest leak of sensitive information was compromised, experts speculate through an illegal process traced back to Vietnam, called ‘scraping’ – where automated bots copy public information from Facebook profiles.

Diachenko also speculated, “Facebook’s API could also have a security hole that would allow criminals to access user IDs and phone numbers even after access was restricted.”

The “leak” captured more than 267 million records exposed included a full name, phone number, timestamp, and unique Facebook ID.

A spokesman for Comparitech acknowledged that Facebook IDs are unique, public numbers associated with specific accounts, which can be used to determine an account’s username and other profile information, according to Comparitech.

“A database this big is likely to be used for phishing and spam, particularly via SMS. Facebook users should be on the lookout for suspicious text messages,” Comparitech wrote.

Adding, “Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”

In another monumental breach by Facebook, this one including the subscribers from the United States, Britain and Vietnam, in which a total of over 200 million phone numbers were leaked online because the server wasn’t protected with a password, thus anyone could find and access the database.

TechCrunch verified a number of records in the database by matching a known Facebook user’s phone number against their listed Facebook ID. “We also checked other records by matching phone numbers against Facebook’s own password reset feature, which can be used to partially reveal a user’s phone number linked to their account.”

Some of the records also had the user’s name, gender, and location by country.

However, some countries are fighting back against Facebook’s slipshod approach to security by instituting and tightening privacy laws. One such country is India.

According to a report by Reuters, a new user privacy law in India is facing fierce opposition from companies like Facebook and Google.

India’s privacy bill was designed to protect the private data of social media users, making it difficult for the likes of Facebook or Google to sell private user data, without running afoul of the law.

“The plans signal India’s privacy bill could deepen bilateral strains. Washington has been upset with new stringent data storage rules that affect credit card companies and has also protested against e-commerce rules which have hurt firms such as Inc (AMZN.O),” the report reads.

Breitbart News reported in September that U.S. District Judge Vince Chhabria argued that Facebook’s view of user privacy is “so wrong.”

“Facebook’s motion to dismiss is littered with assumptions about the degree to which social media users can reasonably expect their personal information and communications to remain private. Facebook’s view is so wrong,” Chhabria wrote.