The leak occurred because an incorrectly configured Elasticsearch server revealed data from Facebook users related to a previous violation.
In recent years, Facebook has fallen into a series of controversies: from the hegemony of social media on the Internet to scandals like Cambridge Analytica in 2018. Don’t forget that a hacker was found a few weeks ago, which sold 267 million Facebook users.
To resolve these issues, the company said it had taken certain steps, but despite this, this situation continues to emerge.
A security researcher, Bob Diachenko reported the latest situation in this episode. A team of security researchers led by Anurag Sen discovered data leak from 12 million Facebook users in Vietnam.
According to the researchers, the data was found on the Elasticsearch server; which includes records of past violations committed by Vietnamese users in January 2020.
However, not all Facebook, it is believed that there are several sources in operation. Furthermore, it is not known how the criminal managed to scratch such a large number of parts.
The data over 3GB include Personally Identifiable Information (PII), with the following entries:
- Full name
- Hometown location
- Current location
- Education details
- Birthdates
- GPS coordinates
- Email addresses
- Facebook usernames and IDs
- Profile scores
- Facebook usernames and IDs
- Family relations with other Facebook users
This is a preview of the data breaches provided by security detectives:
All of this will have a significant impact. For example, an attacker will blackmail a victim with personal data, carry out sophisticated phishing attacks using social engineering; and send maliciously and marketing messages to users.
However, this is not the case, and even GPS coordinates can be used to show if someone is interested enough in an attacker, which threatens their security to some extent.
In general, the server is currently down. Currently, we believe that Facebook still needs to improve its manual testing function again; and we are verifying data that third parties have access to even for legitimate purposes.
As users, believing that everything is intrusive, we can limit the types of information transmitted to any website. Additionally, we have not heard Facebook’s reaction to these latest disclosures and will continue to update your information.
