An Elasticsearch database containing more than 267 million Facebook user IDs, phone numbers, and names was left exposed on the web for anyone to access without a password or any other authentication.
According to a Comparitech report, Comparitech partnered with security researcher Bob Diachenko to uncover the Elasticsearch cluster. Diachenko believes the database is most likely the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam, according to the evidence. In addition, Diachenko immediately notified the internet service provider managing the IP address of the server so that access could be removed, but the data had already been posted to a hacker forum as a download.