A database containing more than 267 million Facebook user IDs, phone numbers, and names was left exposed on the web for anyone to access without a password or any other authentication.
Comparitech partnered with security researcher Bob Diachenko to uncover the Elasticsearch cluster. Based on the evidence, Diachenko believes the trove of data is most likely the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam.
The information contained in the database could be used to conduct large-scale SMS spam and phishing campaigns, among other threats to end users.
Diachenko immediately notified the internet service provider managing the IP address of the server so that access could be removed. However, Diachenko says the data was also posted to a hacker forum as a download.
The database was exposed for nearly two weeks before access was removed.
MacDailyNews Take: Regardless of whether it was API abuse, scraping, or something else, now the tech-illiterate mass media will again lump Apple in along with the insecure, privacy-trampling Facebooks and Googles of the world. For that reason, Apple should be continuously running a significant privacy campaign and have marketing materials in hand to bolster their message and educate the general public, and the media, whenever these breaches happen.