A database was searchable on the internet containing the names and telephone numbers of more than 267 million, mainly American, Facebook users, claims the site Comparitech. The database would have been online for two weeks.
In total, the Elasticsearch cluster contained 267,140,436 records, each of which contained a unique Facebook ID, phone number, full name, and timestamp. The server had a login dashboard with Vietnamese text. Comparitech and security researcher Bob Diachenko report on the find.
After reporting the server’s IP address to the provider on December 14, the server was taken offline on December 19. On December 12, however, the database already appeared as a download on a hacker forum. It is not known how old the data is and how it was leaked.
Diachenko mentions the scenario that the data was obtained via a developer API, before Facebook blocked access to telephone numbers via this API in 2018. Another option is that the data has been scraped via public Facebook pages.