For a few weeks, the data of hundreds of millions of Facebook users was freely accessible on the Internet in a way that could not be explained exactly. However, these probably did not come from a recent incident.
Security researchers came across the database a few days ago, which, without access protection, could basically be accessed by anyone who stumbled across the address or was actively scanning for such access. In total, the data volume here is said to have 267 million accounts. Each contained information that is often not publicly available on Facebook.
In addition to names and user IDs, the respective telephone numbers were also available. According to the findings of the security researchers, the information has been accessible since December 4.
Yesterday access was switched off by the operators of the server, which subsequently led to the publication of the report led – after all, the discoverers did not want to draw the general public’s attention to the collection itself.
Abuse potential increases
The way in which the database was composed led to the conclusion that the information was retrieved via the developer interface and stored in the separate database. Such access is no longer possible today. Facebook had significantly curtailed this option as a lesson from the scandal surrounding the Cambridge Analytica company and now offers external developers significantly more limited options for target group analysis.
Basically, making collections of names associated with phone numbers public isn’t exactly the biggest data protection issue we’ve seen in recent months. After all, this does not seem to go beyond the range of classic telephone books.
However, the potential for misuse of such data has increased significantly in recent years – especially since the communication channels for two-factor authentication can also be reconstructed in conjunction with other databases.