More than 267 million Facebook users allegedly had their user IDs, phone numbers and names exposed online, according to a report from Comparitech and security researcher Bob Diachenko. That info was found in a database that could be accessed without a password or any other authentication, and the researchers believe it was gathered as part of an illegal scraping operation or Facebook API abuse.
Dianchenko says he reported the database to the service provider managing the IP address of the server, but the database was exposed for nearly two weeks. In the meantime, he says, the data was posted as a download in a hacker forum.
That’s a lot of personal data to be floating around in the wild, and as Comparitech notes, it could be used to carry out phishing scams and other foul play.
“We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information,” a Facebook spokesperson told Engadget.
Unfortunately, this is far from the first time that millions of Facebook users have had their data exposed online. In September, a security researcher found another database with 419 million records tied to Facebook accounts. One year prior, a hack exposed private info belonging to 29 million users. Third-party errors have left 540 million Facebook records exposed, and earlier this year, over 20,000 Facebook employees had access to 600 million users passwords. While Facebook’s future may be private, its present is apparently not.