The Safety researchers at Security Detectives discovered an exposed Elasticsearch server that had scraped information from 12 million Facebook users in Vietnam a couple of years back.

This incident had prompted questions about digital firms’ corporate security practices, such as Facebook’s. The fact that the leaked data has a volume of up to 3GB was concerning. According to the Security Safety experts, the unearthed personal data included a full title, e-mail address, Facebook username and ID, delivery dates, hometown, current location, GPS coordinates, profile scores, household relations from various Facebook customers, and much more.

However, after researchers disclosed the massive breach, Facebook took down the leaked server to quell the uproar.

“The information uncovered by our study is in addition to what has already been disclosed, adding another 12 million records to the record. Many, though not all, of the entries, had complete details of personally identifying information (PII) obtained from a variety of sources, including Facebook. “We still have no idea who is ultimately responsible for this scrape or how they were able to conduct out such a thorough and intrusive operation,” the researchers acknowledged in their statement.

Scraped Information

Scraping knowledge from many websites has become a common method for extracting clients’ personal information. Customers’ information is often scraped by third-party distributors, enterprise intelligence researchers, web builders, and legitimate businesses for various market analysis purposes. Customers can use their current Facebook login credentials to access third-party websites, according to social media companies such as Facebook. However, this training may enable unauthorized risk actors/customers to commit hostile acts, such as identity theft and financial fraud.

Vietnam vs. Facebook

The most remembered data breach in Vietnam two years back is followed by Facebook’s data, which had raised “privacy” concerns in Vietnam. An unencrypted public database with over 267 million Facebook user names, IDs, and contact information was placed online in December 2019 without password encryption or protection. The situation was caused by unethical and unlawful scrapping operations and Facebook API exploitation by Vietnamese cybercriminals, according to a researcher named Bob Diachenko. Furthermore, the unsecured information was obtained by posting it on a hacker chat board.

In 2018, the social media giant spilled millions of clients’ private information online in a similar leaky server disaster. Such a large database – with 419 million client records worldwide and over 50 million Vietnamese records – necessitated more sophisticated data security procedures.

Facebook was chastised by the Vietnamese government for breaking the country’s cybersecurity laws. According to the government, Facebook illegally allowed customers to post anti-government comments on the website and failed miserably in monitoring their online content, tax liability, and internet advertising.

Cyble, a cyber security firm, detected hackers selling over 267 million Facebook data for £500 (US$623) on hacker boards and dark websites in a similar incident. According to Cyble, the data contains information that might be used by attackers to launch SMS attacks or spear-phishing campaigns to obtain passwords.

So, the time is up for companies who have not yet put their foot strong in their security game. It’s time to prioritise security over everything else in the companies.

For more blogs checkout: Blogs