KIEV, Dec 21, (AP): A Ukrainian security researcher reported finding a database with the names, phone numbers and unique user IDs of more than 267 million Facebook users – nearly all US-based – on the open internet. That data was likely harvested by criminals, said researcher Bob Diachenko, an independent security consultant in Kyiv. The database, which Diachenko discovered with a search engine, was freely accessible online for at least 10 days beginning Dec 4, he said. He notified the internet provider where it was hosted when he found it on Dec 14; five days later it was no longer available.
Diachenko said someone downloaded the database to a hacker forum two days before he discovered it so it may have been shared among online thieves. He first reported the finding Thursday in partnership with the UK tech news website Comparitech, which editor Paul Bischoff said has been helping write up Diachenko’s discoveries of unsecured databases for about a year. The researcher provided the AP with a 10-record sample from the database and the IDs – and two phone numbers that were answered – checked out against real Facebook users.
The evidence suggests the data was collected illegally, most likely by criminals in Vietnam who may have “scraped” it from public Facebook pages or somehow obtained privileged access to the service. Scraping is automated data-harvesting done by bots.
A small fraction of the database includes details on Vietnam-based users. Diachenko said he did not share the database with Facebook, which did not directly confirm the finding. In a statement, the social network said it was investigating the issue and that the finding “likely” involved information obtained before Facebook took unspecified data-protection measures in recent years. In 2018, the social media giant disabled a feature that allowed users to search for one another via phone number following revelations that the political firm Cambridge Analytica had accessed information on up to 87 million Facebook users without their knowledge or consent.
Diachenko said he had not determined when the data was collected. He said all the records had time stamps from January to June 2019 but that it was unclear who generated them.
Twitter has identified and removed nearly 6,000 accounts that it said were part of a coordinated effort by Saudi government agencies and individuals to advance the country’s geopolitical interests. Facebook said some of the accounts used profile photos generated by artificial intelligence and masqueraded as Americans. It is one of the first such misinformation efforts to use material generated by AI.
Tech companies have stepped up efforts to tackle misinformation on their services ahead of next year’s US presidential elections. The efforts followed revelations that Russians bankrolled thousands of fake political ads during the 2016 elections to sow dissent among Americans. Twitter’s and Facebook’s announcements underscore the fact that misinformation concerns aren’t limited to the US and Russia.
In a blog post Friday, Twitter said the removed Saudi accounts were amplifying messages favorable to Saudi authorities, mainly through “aggressive liking, retweeting and replying.” While the majority of the content was in Arabic, Twitter said the tweets also amplified discussions about sanctions in Iran and appearances by Saudi government officials in Western media. “Governments have started to launch influence campaigns the same ways commercial enterprises launch campaigns to sell detergent or cars,” said James Ludes, a national defense expert who teaches international relations and public policy at Salve Regina University in Rhode Island.
He said the Russian efforts in 2016 showed it was possible to “actually change public attitudes through the targeted use of social media.” While the attempts to root out the campaigns may seem like a game of whack-a-mole, he said companies have at least shown progress in taking steps to identify and root out manipulation campaigns run by foreign powers. Twitter began archiving tweets and media it deems to be associated with known state-backed information operations in 2018. It shut 200,000 Chinese accounts that targeted Hong Kong protests in August.