Trying to verify the data and add it to the company's breach alert service, the researchers bought the database for 500 XNUMX.
The database entries contained Facebook user IDs (unique, public numbers associated with specific accounts), full names, email addresses, phone numbers, timestamps showing last login, relationship status and age.
How did the data leak? In a post, Cyble said it did not know, but its investigators suspect the files could have come either from a leak in Facebook's developer API or from scraping: the automated collection of data that you publish yourself on Facebook or on other social networks.
However, the story does not stop there. In fact, it does not even start there. It turns out that the same database had been exposed before. It was spotted by security researcher Bob Diachenko and taken down by the hosting ISP. It then reappeared on another server, larger by another 42 million records.
That copy was then destroyed by unknown parties, who replaced the personal data with dummy data and left the message: "please_secure_your_servers".
Diachenko partnered with comparison and research site Comparitech on the project last month. Comparitech said the database had been exposed for nearly two weeks, freely available online without any password protection.
Timeline according to Comparitech:
December 4, 2019: The database is indexed by search engines for the first time.
December 12, 2019: The data was published for download in a hacking forum.
December 14, 2019: Diachenko discovered the database and immediately sent a report to the ISP managing the server's IP.
December 19, 2019: Access to the database stopped.
March 2, 2020: A second server containing identical data plus another 42 million was indexed by the BinaryEdge search engine.
March 4, 2020: Diachenko discovers the second server and notifies the hosting provider.
March 4, 2020: The server was attacked and destroyed by unknown hackers.
The original database contained 267,140,436 records, mainly of Facebook users in the USA. Diachenko said all the records appeared to be valid. The same records existed on the second server in March 2020, but this time there were 42 million additional records.
Comparitech reported that 25 million of the new records contained similar information: Facebook IDs, phone numbers and usernames. However, 16.8 million records had even more, such as gender, email address, date of birth and other personal data.
Neither the Cyble researchers nor Diachenko know how the leak happened, but both agree that it could have come from a security vulnerability in Facebook's third-party API that existed before the platform restricted access to phone numbers, or from one that allows malicious users to steal user IDs and phone numbers even with Facebook restricting access to the API.
Both Cyble and Diachenko argue that, alternatively, the leak may have come from scraping, which is a good reason to reconsider how much data you disclose publicly on Facebook.
In other words …
Stop exposing yourself!