NDTV ProfitBusiness NewsData on Hundreds of Millions of U.S. Facebook Users Exposed
ADVERTISEMENT

Data on Hundreds of Millions of U.S. Facebook Users Exposed

The data, mostly from U.S. Facebook users, was posted on a searchable database by a group that appeared to be based in Vietnam. 

23 Dec 2019, 03:20 PM IST
NDTV Profit
NDTV Profit
Data on Hundreds of Millions of U.S. Facebook Users Exposed
Privacy setting shortcuts are displayed on Apple Inc. iPhone 6 smartphone screen as a FaceBook Inc. logo is seen in this arranged photograph taken in London, U.K.(Photographer: Chris Ratcliffe/Bloomberg)  

(Bloomberg) -- Information on 267 million Facebook users, including user names, phone numbers and Facebook IDs, was exposed online, according to a cybersecurity researcher.

The data, mostly from U.S. Facebook users, was posted on a searchable database by a group that appeared to be based in Vietnam, said Bob Diachenko, the cyber threat intelligence director at Security Discovery, a Ukrainian cybersecurity website that offers news and consulting services. The Vietnamese group appeared to be charging for access to the data, but a flaw in their code inadvertently left the database open to all, he said.

A spokeswoman from Facebook Inc. said that the company was looking into the issue. She said the information was likely obtained before Facebook made changes in recent years to better protect people’s information.

It wasn’t known if any of the user information was accessed or sold by the Vietnamese group. Diachenko partnered with Comparitech, a website that seeks to help consumers research and compare tech services, to uncover the exposed data.

Of the affected users, 99% were from the U.S. and most of the others came from Vietnam, Diachenko said. He said he surmised that the group that was selling access to the information was from Vietnam because of the use of Vietnamese language and because the data -- its type and structure -- resembles that of other data breaches conducted by Vietnamese hackers.

The exposed information -- particularly if cross referenced with other databases -- could be used for sophisticated spam or phishing attacks, he said. “This is pretty significant because you can start getting a full profile of a person,” Diachenko said of the data.

Diachenko said he contacted the internet service provider hosting the database, and it was removed on Thursday.

To contact the reporter on this story: Alyza Sebenius in Washington at asebenius@bloomberg.net

To contact the editor responsible for this story: Andrew Martin at amartin146@bloomberg.net

©2019 Bloomberg L.P.

ALSO READ

How To Sign Up For BloombergQuint Story Notifications

Opinion
How To Sign Up For BloombergQuint Story Notifications
Read More
Get live Stock market updates, Business news, Today’s latest news, Trending stories, and Videos on NDTV Profit.
ADVERTISEMENT