Despite FTC's $5 billion fine for privacy violations and a lot of flak from the general public, Facebook's security issues aren't just coming to an end.
Just recently, the company had admitted the possibility of leaking group member information to dozens of developers. And now, in another scary case, confidential information of over 26 crore of its users has been exposed.
Here's what happened.
Database of 26.7 crore Facebook records
A few days back, Comparitechand security researcher Bob Diachenko unearthed a database of 26.7 crore Facebook records on a server.
The information was being exposed publicly, which anyone who knew where to look could have accessed without any password/authentication.
Either way, the researcher promptly reported the matter to the ISP managing the IP address of the server and got the database pulled.
What kind of information the database contained
The database contained plenty of information related to Facebook users, including their user IDs - the unique number that can be used to open specific profiles - phone numbers, and full names.
Notably, the information was posted on December 4 and was accessible for a period of about two weeks before being removed. It was even shared on a hacker forum during this time.
This makes people a target of phishing scams
With phone numbers, names, and Facebook IDs, potential threat actors could study a person and then target them with well-planned scams aimed at carrying out financial or identity fraud.
How this information was exposed?
While it remains unclear how this data was exposed, Diachenko believes that the evidence mined from the information indicates that it was either the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam.
Meanwhile, Facebook says that is looking into the matter but believes that the information in question had leaked before they bolstered account data security for users.
Here's the full statement of Facebook's spokesperson
"We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people's information," a Facebook spokesperson told Engadget while speaking on the matter.
When will Facebook's debacles end?
The latest leak marks another case highlighting Facebook's poor grip at data protection.
The social network has compromised the personal information of hundreds of millions of people - through not just Cambridge Analytica or the breach that happened last September but also several third-party errors.
It has promised a secure, more private future but these leaks/breaches aren't making that great of an impression.