In December 2019, Hackread.com reported that a misconfigured Elasticsearch server exposed the personal information of 267 million (267,140,436) users. These records mostly belonged to users in the United States and included Facebook profiles, full names, a unique ID for each account and timestamp, etc.

In latest blow to Facebook, 540 million user records exposed by...

Download: https://urlgoal.com/2vG1iv

Yes, according to IT security firm Cyble, hackers are selling 267 million records of Facebook users on a hacker forum. Cyble is the same company who a few days ago discovered half a million authentic Zoom accounts being sold on the dark web.

Since Facebook is now new to data breaches and security mishaps, in March 2019, it was revealed that the company stored 600 million user passwords in plain text that were exposed to more than 20,000 employees.

For transparency, this list has been calculated by the number of users impacted, records exposed, or accounts affected. We have also made a distinction between incidents where data was actively stolen or reposted maliciously and those where an organization has inadvertently left data unprotected and exposed, but there has been no significant evidence of misuse. The latter have purposefully not been included in the list.

In April 2019, it was revealed that two datasets from Facebook apps had been exposed to the public internet. The information related to more than 530 million Facebook users and included phone numbers, account names, and Facebook IDs. However, two years later (April 2021) the data was posted for free, indicating new and real criminal intent surrounding the data. In fact, given the sheer number of phone numbers impacted and readily available on the dark web as a result of the incident, security researcher Troy Hunt added functionality to his HaveIBeenPwned (HIBP) breached credential checking site that would allow users to verify if their phone numbers had been included in the exposed dataset.

When a data breach occurs, sensitive data can be stolen and sold on the dark web or to third parties. Here are some of the biggest data breaches in history that led to the exposure of millions of user records.

Initially, Yahoo reported stolen data from about 1 billion accounts. However, after Verizon bought out Yahoo in 2017, they reported that the final number of records totaled about 3 billion accounts affected. Not only was Yahoo slow to react, but the company also failed to disclose a 2014 incident to users, which resulted in a $35 million fine and, in total, 41 class-action lawsuits.

Exactis, a Florida-based marketing firm that collects and sells data on businesses and consumers, reportedly exposed a database containing 340 million individual records. Initially discovered by security researcher Vinny Troia, he found the entire Exactis database on a public network that was completely unsecured and accessible to everyone.

In December 2018, a massive data breach hit 16 different websites, affecting over 617 million stolen accounts. Dubsmash was the most prominent victim, having over 162 million user records compromised on the dark web. The stolen data included:

On January 2, 2019, Abine, the company behind the Blur password manager and the DeleteMe online privacy protection service, announced a major data breach that compromised the personal data of almost 2.4 million Blur users. The hackers gained access to an unsecured server and exposed a file containing 2.4 million user names, email addresses, password hints, IP addresses, and encrypted passwords.

A flaw within the online video game Fortnite exposed players to being hacked. According to the security firm Check Point, who discovered the vulnerabilities, a threat actor could take over the account of any game player, view their personal account information, purchase V-bucks (in-game currency), and eavesdrop on game chatter. Fortnite has 200 million users worldwide, 80 million of whom are active each month.

Two third-party applications which hold Facebook datasets were left exposed to the public online. Over 540 million records, including account names, Facebook ID, and user activity were exposed through Cultura Colectiva. The second application, At the Pool, disclosed passwords along with information regarding photos, events, groups, check-ins and more.

The most recent of these incidents happened in April this year. Security researchers discovered over 540 million records containing information about Facebook users on a server without a password. This information included comments, user names, likes and reactions. Given the lack of security measures, anyone could have accessed it.

A database of a huge number of Instagram influencers, big names, and brand records containing their data including contact subtleties were found openly available on the web. It had over 49 million records of Instagram users and was traced back to social media marketing firm Chtrbox.

Cultura Colectiva, one of two third-party Facebook app developers, left 540 million records which including comments, likes, reactions, account names, and more in stored on the Amazon S3 storage server without a password. Although the data breach did not make the headline like the Cambridge Analytica scandal on Facebook, it affected a lot of users and ranked first in our list.

Raychat, founded in 2017, has tried to make a name for itself as a business and social messaging app. The Iranian company recently suffered a large data security breach in which millions of its user records were exposed to the internet and then destroyed by a cyberattack involving a bot.

A leaky server is said to blame for allowing access to 12.5 million records of pregnant women. The records were finally removed after being exposed for three weeks. Patient records are said to date back to 2014, and include detailed information on women that underwent ultrasound scans, amniocentesis, and other genetic testing. The database belonged to Department of Medical, Health and Family Welfare of a state in northern India.

The American Medical Collection Agency (AMCA) was hacked last year starting in August 2018 through March 2019. The resulting hack resulted in the theft of information from corporate clients such as Quest Diagnostics, LabCorp, BioReference and others. This theft exposed the records of some 20 million US citizens.

In this attack, over 2.9 million users had their personal health information (PHI) exposed. Information like SSNs, email addresses, bank accounts and routing numbers, dates of birth, among other sensitive information. More here.

DoorDash, a food delivery service, said it became aware of a five-month data leak when it noticed suspicious activity from a third-party provider. DoorDash reports that 4.9 million users may be affected. Data exposed includes the last four digits of payment information, names, email addresses, delivery addresses, order history, phone numbers, and encrypted passwords.

2015 offered us details about new data leaks in which Anthem, a health insurer from the US, fell was hit by hackers and exposed up to 80 million records of US citizens. The company agreed to pay the US government a record $16 million HIPAA settlement.

This case is recent, huge, and devastating. In May 2019, it emerged that First American Financial Corporation, a real estate and insurance giant, exposed 885 million sensitive financial records of its clients. This included Social Security numbers, bank account numbers, bank statements, mortgage records, tax documents, wire transfer receipts, and photos of driver's licenses dated back to 2003.

Marketing and data aggregation company Exactis accidentally exposed a database it held containing nearly 340 million individual records. The company had placed the database on a publicly accessible server, meaning anyone who knew where to look could view the data.

The biggest data breach to affect MongoDB users so far came in 2019, where an 854Gb MongoDB database was left open, with no password or login details required for access. As a result, 202million CVs from Chinese job seekers were exposed, containing a range of personal data, including names, addresses, phone numbers, emails and more.

In December 2019, it was discovered that the names, phone numbers and user IDs of 267 million Facebook users had been exposed in an online database. The database was completely unsecured, meaning anyone who knew where it was could access the data it contained without needing to enter a password or any other kind of security details.

CAUSEThis was an especially bad year for Facebook as Instagram, the photo/video sharing social network it acquired, had one of its business partners expose an AWS database with almost 50 million records from their users. With no password required to access the data, the database, which was growing by the hour, contained data users shared publicly such as bios, profile pictures, number of followers, etc. More concerning, those records were linked to private data as well, such as email addresses and phone numbers. Among the records were many high-profile celebrities and influencers. Unlike the previous Facebook exposure, this data was fresh and new records were coming in.

Unintentional insider threat occurs in all industries. In a recent case coming out of Silicon Valley, 540 million records containing information on Facebook users and their activities were left unprotected because of misconfigured AWS S3 buckets belonging to third parties Cultura Colectiva and At the Pool. Farther afield, bad system management, a lack of employee training, and network flaws and misconfigurations allowed hackers to successfully breach the health data of 1.5 million Singaporeans including its prime minister. 2ff7e9595c