A security researcher has reported that Facebook had more than 267 million users' sensitive information exposed online.
According to a report from Comparitech and a security researcher Bob Diachenko, more than 267 million Facebook users had their IDs, phone numbers and names exposed to the public online. This was discovered in a database that could be accessed without any means of a password or authentication, essentially being available to the public who would know how to access it.
Researchers believe this sensitive information was gathered as a part of an illegal scraping operation. According to Dianchenko, this data was exposed for nearly two weeks and was posted as a downloadable file in hacker forum. A Facebook spokesperson spoke to Engadget and said, "We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people's information".
The report states: "In total 267,140,436 records were exposed. Most of the affected users were from the United States. Diachenko says all of them seem to be valid."
Each contained:
- A unique Facebook ID
- A phone number
- A full name
- A timestamp
"The server included a landing page with a login dashboard and welcome note."
"Facebook IDs are unique, public numbers associated with specific accounts, which can be used to discern an account's username and other profile info."