Sunday, May 24, 2020

Misconfigured Elasticsearch server leads to exposure of Facebook users' personal data

The leak came after a misconfigured Elasticsearch server exposed Facebook users’ data involved in a previous breach.
For the last few years I have been complaining that there is no guarantee of the security of the personal data of Ugandans and other Africans who use Facebook and other social media platforms. Facebook has been embroiled in a range of controversies, from the social network's hegemony over the internet to scandals like Cambridge Analytica in 2018. And just a few weeks ago a hacker was found selling the personal data of 267 million Facebook users.
To tackle these, the company claims to take certain measures, but slips continue to occur regardless.
The latest episode was reported by Safety Detectives, whose research team, headed by Anurag Sen, discovered that the data of 12 million Facebook users based in Vietnam has been leaked.
According to the researchers, the data was found on an Elasticsearch server and includes records found in a previous breach of Vietnamese users in January 2020.
However, not all of it is from Facebook, and multiple sources are believed to be at play. How the perpetrators managed to scrape such a large amount of data is not yet known.
Amounting to over 3GB, most of the data is personally identifiable information (PII), with the following fields per record:
- Full name
- Hometown location
- Current location
- Education details
- Birthdate
- GPS coordinates
- Email address
- Facebook username and ID
- Profile score
- Family relations with other Facebook users

Here is a preview of the leaked data shared by Safety Detectives:

In their blog post, Safety Detectives raised concerns about the data breach, saying that:

"Facebook decided to lock down some of its API functions, including data scraping, in order to make this practice more difficult to conduct and blocked users from using its reverse search tool. […] Clearly, there are still data-scraping vulnerabilities that can be exploited, especially where there is a mismatch of security protocols being implemented by third-party websites and Facebook."

All of this can have significant repercussions: attackers can blackmail victims with their personal details, conduct sophisticated phishing attacks aided by social engineering, and spam users with both marketing and malicious messages.
Worse still, the exposed GPS coordinates could physically endanger someone if they are of enough interest to an attacker.
To conclude: for the time being, the server has been taken down. We believe that Facebook yet again needs to ramp up its pen-testing capabilities and review the data it allows third parties to access, even for legitimate purposes.
As users, we can limit the type of information we share with any website, considering that everything is hackable. We are yet to hear Facebook's reaction to these latest revelations and will keep updating you.
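The failure behind this story is a familiar one: an Elasticsearch REST API reachable on its default port (9200) with no authentication, so anyone who finds it can list indices and dump every document. The following Python script is an added example for this post, not code from the original article or from Safety Detectives. It checks whether a given host behaves that way by sending an unauthenticated `GET /` (every Elasticsearch node answers that with its cluster metadata and the fixed tagline "You Know, for Search") and, if the node answers, lists its indices via `GET /_cat/indices`. The host names, index names and embedded sample responses are constructed for illustration; the server in the story is not identified here and nothing below points at it.

```python
"""Test whether an Elasticsearch HTTP endpoint answers without credentials.

Added example for this post; not code from the original article or from
Safety Detectives. The host names, the index names and the sample responses
below are constructed for illustration, and the server in the story is not
identified here.
"""
import json
import sys
import urllib.error
import urllib.request

# Every Elasticsearch node returns this tagline from GET / ; a 200 carrying it
# with no credentials supplied means the REST API is wide open.
ES_TAGLINE = "You Know, for Search"


def classify(status, body):
    """Classify the response to an unauthenticated GET / on the HTTP port.

    Returns "open" (Elasticsearch answered with cluster metadata),
    "auth_required" (the node exists but enforces credentials), or
    "not_elasticsearch" (something else is listening there).
    """
    if status in (401, 403):
        return "auth_required"
    if status == 200:
        try:
            doc = json.loads(body)
        except ValueError:
            return "not_elasticsearch"
        if isinstance(doc, dict) and doc.get("tagline") == ES_TAGLINE:
            return "open"
    return "not_elasticsearch"


def index_summary(cat_indices_text):
    """Parse the text output of GET /_cat/indices?h=index,docs.count,store.size.

    Returns a list of (index name, document count, store size) tuples so the
    caller can see at a glance what an exposed node is holding.
    """
    rows = []
    for line in cat_indices_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # closed indices report blank counts; skip them
        try:
            docs = int(parts[1])
        except ValueError:
            continue
        rows.append((parts[0], docs, parts[2]))
    return rows


def check(host, port=9200, timeout=5):
    """Probe one host. Returns a dict with a 'verdict' and, if open, its indices."""
    base = "http://%s:%d" % (host, port)
    try:
        with urllib.request.urlopen(base + "/", timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        status, body = err.code, ""
    except (urllib.error.URLError, OSError) as err:
        return {"verdict": "unreachable", "error": str(err)}

    result = {"verdict": classify(status, body)}
    if result["verdict"] == "open":
        url = base + "/_cat/indices?h=index,docs.count,store.size"
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                result["indices"] = index_summary(resp.read().decode("utf-8", "replace"))
        except (urllib.error.URLError, OSError):
            result["indices"] = []
    return result


# Constructed sample responses, shaped like real ones, so the parsing logic
# can be exercised offline without touching any server.
SAMPLE_ROOT = json.dumps({"name": "node-1", "cluster_name": "elasticsearch",
                          "version": {"number": "7.6.2"}, "tagline": ES_TAGLINE})
SAMPLE_CAT = "scraped-profiles 12000000 3.1gb\nlogs-2020.01 48213 9.4mb\n"


if __name__ == "__main__":
    # Usage: python es_exposure_check.py <host>   (only probe hosts you own)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(json.dumps(check(target), indent=2))
```

Run it only against hosts you are responsible for. A verdict of "open" on a node that faces the internet is exactly the condition described in this post; the usual fixes are to bind the node to a private interface (`network.host` in `elasticsearch.yml`), enable authentication (`xpack.security.enabled: true`), and keep port 9200 behind a firewall or authenticating reverse proxy.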
