Security Discovery, a Ukrainian cybersecurity website that offers news and consulting services, has revealed that information on 267 million Facebook users has been exposed online. The confidential records were reportedly first made available on Dec. 4 and were found published on a hacker forum on the dark web eight days later. The internet service provider hosting the database has since removed it.
Bob Diachenko, the cyber threat intelligence director at Security Discovery, said that 99 percent of the affected users were from the U.S., while most of the others came from Vietnam. A group that appeared to be based in Vietnam appeared to be charging for access to the data, but a flaw in their code inadvertently left the database open to all. The compromised information included user names, phone numbers, and Facebook IDs.
It is not yet clear how the information was accessed. The use of Vietnamese language by the group that was selling access to the information and the resemblance to other data breaches conducted by Vietnamese hackers are the main indications that the group is from Vietnam, but the exact group remains unknown. A spokeswoman from Facebook Inc. said that the company was looking into the issue.
This month’s breach doesn’t appear to be as bad as the Cambridge Analytica scandal, which saw the unauthorized use of the personal data of nearly 90 million Facebook users to better target them with political ads during the 2016 presidential election. The private photos of nearly 7 million users were accidentally exposed in 2018 due to a bug in Facebook’s system. A Facebook spokesperson said that the latest breach likely occurred before Facebook made changes in recent years to better protect people’s information.