Massive leak leaves 267 million Facebook users' data exposed

Mark Zuckerberg in front of the Facebook logo (Image credit: Android Central)

What you need to know

  • A massive data leak affecting 267 million Facebook users was publicized this week.
  • The database was exposed on the internet and accessible without any authentication or password requirements.
  • It contained users' IDs, phone numbers, and real names.

While Facebook's busy making its own OS, data belonging to millions of the company's users has been exposed in one of the largest data leaks in the company's history.

Cybersecurity firm Comparitech and researcher Bob Diachenko say they've found a database containing the Facebook IDs, phone numbers, and names of 267 million users on the web. The database, they claim, was entirely exposed on the internet and did not require a password or any other form of authentication to access.

They posit that the origins of the database probably lie in Facebook API abuse by criminals in Vietnam or an illegal data scraping operation. While Diachenko immediately notified the ISP hosting the data, he warns that it was available for two weeks before it was removed. It was also available as a download on a hacker forum.

Facebook, which previously suffered from data breaches affecting 30 million and 419 million users in 2018 and 2019, respectively, responded to the incident as follows:

We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people's information.

As Comparitech points out, this is likely a reference to a change Facebook made to its API, which previously allowed app developers access to users' phone numbers.

Because it includes phone numbers, the data could eventually be used for mass phishing campaigns, so users would be well advised to be suspicious of any text messages or emails asking for their password or other sensitive information. Comparitech also suggests changing all the fields in Facebook's privacy settings to "Only friends" or "Only me" and disabling the ability of search engines to link to their profile in order to prevent their data from being scraped by bots.


  • Lol at all you who use the 'book!
  • A-hole much...? What a nasty mentality!
  • Isn't that how everyone uses it anyway? Post all their most sensitive data for all to see?
  • Just kill Facebook already. Consistent with breaches or other shady practices
  • And they're trying to start an operating system? Facebook please go away.
  • Hmmmm. A few people spout popular conspiracy rubbish and Facebook is gone. No. More like any other site it's at risk of breach. Live with it! End.
  • Omg... How many times are we going to let this happen? At this point it's blatant irresponsibility. Facebook is dead to me. Sorry Fam, you'll just have to pick up the phone and call me.
  • Every time I hear about one of these breaches, it makes me feel better that I never joined FB. It's bad enough that Google has my info.
  • ..... and Google have sold that info to how many zillions?
  • ...allowed app developers access to users' phone numbers...!!!
  • No wonder why I get so many fricking spam calls....does Zuckerberg have no consideration for others?
  • Hell no! Zuckerberg doesn't care about anyone, he just laughs at how dumb we are sharing all of our personal info!