Hackers have sold personal data from 267 Million Facebook users causing another major reputation blow on the tech giant. The data included email addresses, names, Facebook IDs, date of birth and phone numbers. No passwords were exposed but the exposed data can initiate a fresh cycle of phishing to unsuspected victims.
The data were sold on the dark web and hacker forums for $623.
HOW?
A security researcher discovered an unprotected Elasticsearch instance with the data from users mostly from the United States. The Elastic search instance was later removed by the ISP hosting it after being informed about the issue. Later on another instance of the data became known with the same data along with 42 million more.
This instance was taken down by hackers who left a message on the server warning the owners to keep their systems secure. The second database instance also included email addresses, date of birth and gender.
It is suspected that the data could have been stolen through third-party Facebook APIS.
We advise all Facebook users to be vigilant on any text messages and emails they receive in the near future.