Researcher Finds Unsecured Information on Millions of Facebook Users

In this August 11, 2019, file photo an iPhone displays a Facebook page in New Orleans. A Ukrainian security researcher says a database with the names, phone numbers and unique user IDs of more than 267 million Facebook users was exposed on the internet. (AP Photo/Jenny Kane)

Your browser doesn’t support HTML5

Researcher Finds Unsecured Information on Millions of Facebook Users

A Ukrainian security researcher has reported finding a database with the information of more than 267 million Facebook users on the open internet, the Associated Press reports.

The data includes names, phone numbers and other identifying information. Nearly all of the users were based in the United States.

Bob Diachenko is an independent security researcher in Kyiv. He told the Associated Press, or AP, that criminals likely collected this data.

Diachenko said he discovered the database using a search engine. The database was freely accessible on the internet for at least 10 days beginning on December 4. He informed the internet provider which hosted the database on December 14 when he found it. Five days later it was no longer available.

Diachenko said someone downloaded the database to a special group website two days before he discovered it. Hackers, or people who secretly get access to computer systems in order to get information or cause damage, use that website. So the database may have been shared among criminals.

Paul Bischoff runs the British technology news website Comparitech. It partnered with Diachenko to report his findings earlier this month. Bischoff has been writing about Diachenko’s discoveries of unsecured databases for about a year.

The researcher provided the AP with 10 examples from the database. This included unique user identifications, or IDs, and two phone numbers that were answered, all of which were linked to real Facebook users.

The evidence suggests it was most likely criminals in Vietnam who illegally collected the data. They may have “scraped” it from public Facebook pages or by somehow getting special, high-level access to the service. Scraping is automated data-gathering done by computer programs. A small part of the database includes details on Vietnam-based users.

Diachenko said he did not share the database with Facebook, which did not directly confirm the finding. In a statement, representatives for the social media company said it was investigating the issue. They wrote that the finding “likely” involved information gathered before Facebook took some data-protection measures in recent years. The company did not say what those measures were.

In 2018, the company stopped permitting users to search for one another using their phone numbers. It did so after news spread that the political agency Cambridge Analytica had accessed information on up to 87 million Facebook users without their knowledge or permission.

Diachenko said he had not confirmed when the data was collected. He said all the records appeared to be from January to June of 2019. He added that it was unclear who created them.

Security experts say the affected Facebook users are at higher risk of facing password-stealing attacks and identity stealing attempts. The information can be matched with physical and email addresses and other data collected illegally. Facebook user IDs are unique numbers linked with individual accounts.

In September, the news site TechCrunch reported that a researcher found Facebook IDs and phone numbers for more than 400 million users online.

In March, Facebook admitted that it had left hundreds of millions of user passwords readable by its employees for years after a security researcher reported on it.

I’m Pete Musto.

Frank Bajak reported this story for the Associated Press. Pete Musto adapted it for VOA Learning English. Mario Ritter, Jr. was the editor. Write to us in the Comments Section or on our Facebook page.

_______________________________________________________________

Words in This Story

accessibleadj. able to be used or obtained

host(ed) – v. store a website or other data on a server or other computer so that it can be accessed over the Internet

download(ed) – v. to move or copy a file or program from a usually larger computer system to another computer or device

uniqueadj. used to say that something or someone is unlike anything or anyone else

automatedadj. made to run or operate by using machines and computers instead of people to do the work

passwordn. a secret series of numbers or letters that allows you to use a computer system

address(es) – n. the words and numbers that are used to describe the location of a building, or the letters, numbers, and symbols that are used to direct an e-mail message or to show the location of a site on the Internet

account(s) – n. an arrangement in which a person uses the Internet or e-mail services of a particular company