For SALE on the darkweb: more than 300 Million Facebook User IDs, Names and Phone Numbers

A database containing more than 300 million Facebook user IDs, phone numbers, and names was left exposed on the web for anyone to access without authentication. Security researchers found out that the database is now available on the darkweb for just 500 Euro or roughly around P27,500 pesos.
Just this March, Security Researcher Bob Diachenko discovered an Elasticsearch Cluster containing more than 267 million Facebook user IDs and phone numbers. After a few days, a second compromised server was exposed by what appears to be the same criminal group. The server contains 42 million records including profile details, emails, and other personal information.
Elasticsearch is a distributed, open-source search and analytics engine for all types of data, including textual, numerical, geospatial, structured, and unstructured. It is commonly used by seasoned cybersecurity professionals for security and business analytics.
According to Diachenko, the data is the result of an illegal scraping activity by abusing Facebook API to collect data.
The Second Server was attacked immediately after the first and data were replaced by dummy entries with database name "please_secure_your_servers".
If you think your account is among those that are compromised which is very likely, you need to change your password and secure your account immediately.
A password is the first line of defense against intruders. This is the reason why users need to protect and secure passwords.
Here’s how to make a strong password and how to secure Facebook accounts.
1. Use 12 Characters, Minimum. 2. Include Numbers, Symbols, Capital Letters, and Lower-Case Letters. 3. It should not be found in a Dictionary or a Combination of Dictionary Words.
4. Use Two Factor Authentication, it is an extra layer of security that requires not only a password and username but also something that only have. 2FA would make it more difficult for potential intruders to gain access to your account.
To activate 2FA on Facebook follow these steps:
First, you need an authentication method for 2FA to work. Download a third-party authenticator, it’s an app that when connected to Facebook would generate random numbers that would be accepted by FB after entering your password.
If you’re using a desktop:
1. click the inverted triangle at the rightmost part of the FB screen then click settings. 2. click security and login at the left side of the screen, you can find it just below the general tab. 3. scroll down and select use two-factor authentication. 4. follow instructions. You can also use your phone for 2FA.
If you’re using a cellphone:
1. On your profile page click that three dots just below your profile Pic. Click view privacy shortcuts. 2. Click more settings 3. Click Security and login 4. Select Use two-factor authentication. 5. Follow the instructions.
Never use the same password on more than one site. Once crooks have a password, they will usually try it on every website where you might have an account, to see if they can get lucky.
Again, for additional protection, you need to turn on two-factor authentication (2FA). The six-digit codes that you receive on your phone or generated via an app are a minor inconvenience to you but are usually a huge barrier for the crooks because just knowing your password alone is not enough.