A database containing more than 267 million Facebook user IDs, phone numbers, and names was left exposed on the web for anyone to access without a password or any other authentication.
Security researcher Bob Diachenko discovered the data. Based on the evidence, Diachenko believes the trove is most likely the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam.
What data was exposed
The information contained in the database could be used to conduct large-scale SMS spam and phishing campaigns, among other threats to end users.
A total of 267,140,436 records were exposed. Most of the affected users were from the United States. Diachenko says all of the records seem to be valid. Each contained:
A unique Facebook ID
A phone number
A full name
The server included a landing page with a login dashboard and welcome note.
Facebook IDs are unique, public numbers associated with specific accounts, which can be used to discern an account’s username and other profile info.
How to avoid having your profile scraped
Facebook users can minimize the chances of their profiles being scraped by strangers by adjusting their account privacy settings:
1. Open Facebook and go to Settings
2. Click Privacy
3. Set all relevant fields to Friends or Only me
4. Set “Do you want search engines outside of Facebook to link to your profile?” to No
This will reduce the chances of your profile being scraped by third parties, but the only way to ensure it never happens again is to completely deactivate or delete your Facebook account.