Since the Cambridge incident last year, well-known social networking Facebook has been leaking constantly, this year will end soon, but Facebook has still not been able to stop the leak. According to information released by independent security researcher Bob Diachenko, a server storing user data on Facebook was exposed on the public network and no verification measures were performed. This means that as long as someone accesses this server, they can directly download data without logging in. The stored data is mainly the user’s account, name, and mobile phone number.
The security researcher discovered the exposed server on Facebook on December 14. Although Bob quickly contacted Facebook for feedback, he was unable to stop the data leak. Because this data server has been exposed to the public network for two weeks, during this period, anonymous users have accessed this server and downloaded the contained data. After receiving feedback from researchers, Facebook chose to take this server offline directly. At the same time, hackers in underground hacker forums have started touting this data. Although it is unclear whether anyone will buy it, it is clear that Facebook users’ real names and mobile phone numbers may become the scramble for advertisers and scammers.
A Facebook spokesman for the data breach said the company was investigating the issue and also said the data might have been collected before adjusting security measures. Earlier, Facebook adjusted its security policy to prevent third-party advertisers and developers from obtaining user mobile phone numbers. After this adjustment, it will be more difficult to obtain mobile phone numbers. Of course, it is not clear whether the users involved in the data breach are from the United States or other countries, but it is estimated that there will be follow-up investigations by data regulators soon.