Facebook Breach Exposes Personal Data of 256M Users

The data appears to have been accessed by a hacking group based out of Vietnam, cybersecurity experts believe. Of the affected users, 99 percent were from the U.S. and most of the others came from Vietnam.

by Alyza Sebenius, Bloomberg News / December 23, 2019
Shutterstock

(TNS) — Information on 267 million Facebook users, including user names, phone numbers and Facebook IDs, was exposed online, according to a cybersecurity researcher.

The data, mostly from U.S. Facebook users, was posted on a searchable database by a group that appeared to be based in Vietnam, said Bob Diachenko, the cyberthreat intelligence director at Security Discovery, a Ukrainian cybersecurity website that offers news and consulting services. The Vietnamese group appeared to be charging for access to the data, but a flaw in their code inadvertently left the database open to all, he said.

A spokeswoman from Facebook Inc. said that the company was looking into the issue. She said the information was likely obtained before Facebook made changes in recent years to better protect people’s information.

It wasn’t known if any of the user information was accessed or sold by the Vietnamese group. Diachenko partnered with Comparitech, a website that seeks to help consumers research and compare tech services, to uncover the exposed data.

Of the affected users, 99 percent were from the U.S. and most of the others came from Vietnam, Diachenko said. He said he surmised that the group that was selling access to the information was from Vietnam because of the use of Vietnamese language and because the data — its type and structure — resembles that of other data breaches conducted by Vietnamese hackers.

The exposed information — particularly if cross referenced with other databases — could be used for sophisticated spam or phishing attacks, he said. “This is pretty significant because you can start getting a full profile of a person,” Diachenko said of the data.

Diachenko said he contacted the Internet service provider hosting the database, and it was removed on Thursday.

©2019 Bloomberg News Distributed by Tribune Content Agency, LLC.

Platforms & Programs