Massive leak leaves 267 million Facebook users' data exposed

Mark Zuckerberg in front of the Facebook logo
Mark Zuckerberg in front of the Facebook logo (Image credit: Android Central)

What you need to know

  • A massive data leak affecting 267 million Facebook users was publicized this week.
  • The database was exposed on the internet and accessible without any authentication or password requirements.
  • It contained users' IDs, phone numbers, and real names.

While Facebook's busy making its own OS, millions of the company's users' data has been leaked, thanks to one of the largest data leaks in the company's history.

Cybersecurity firm Comparitech and researcher Bob Diachenko say they've found a database containing the Facebook IDs, phone numbers, and names of 267 million users on the web. The database, they claim, was entirely exposed on the internet and did not require a password or any other form of authentication to access.

They posit that the origins of the database probably lie in Facebook API abuse by criminals in Vietnam or an illegal data scraping operation. While Diachenko immediately notified the ISP hosting the data, he warns that it was available for two weeks before it was removed. It was also available as a download on a hacker forum.

Facebook, which previously suffered from data breaches affecting 30 million and 419 million users in 2018 and 2019, respectively, responded to the incident as follows:

We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people's information.

As Comparitech points out, this is likely in reference to change Facebook made to its API that previously allowed app developers access to users' phone numbers.

The data could eventually be used for mass phishing campaigns due to its inclusion of phone numbers, so users would be well advised to be suspicious of any text messages or emails asking for your password or other sensitive information. Comparitech also suggests changing all the fields in Facebook's privacy settings to "Only friends" or "Only me" and disabling the ability of search engines to link to your profile in order to prevent your data from being scraped by bots.

Facebook was the most downloaded app of the decade

Muhammad Jarir Kanji
Latest in Meta
Whatsapp status update
WhatsApp to bring collage feature for cleaner status updates with 'Layouts'
Meta Logo.
'We want to do it right this time,' Meta says as it starts testing Community Notes
The Meta sign at the company campus at 1 Hacker Way.
Meta wants the court to dismiss an FTC antitrust lawsuit... again
Meta and its brands
Meta working on generative AI model to power Reels and more, says head of Facebook
The Meta sign at the company campus at 1 Hacker Way.
Meta Q4 2023 earnings report shows record-breaking Quest 3 sales, ad profits
A Facebook mockup showing two separate Facebook profiles for the same account.
Facebook now makes it easy to lead a double life with multiple personal profiles
Latest in News
The Light Phone III in lifestyle photos.
The Light Phone 3 is here with miniature features, massive $799 price tag
YouTube Premium homepage on Android
YouTube's notification test impacts channels you rarely interact with
Google Pixel 8a
Google tipped to bring text-based actions in AI Overviews for Circle to Search
Pixel Watch 3 run coaching suggestion in the Fitbit app on a Pixel 9
Fitbit's Health Metrics are getting a redesign on Android and iOS
The Galaxy S24 Plus in hand with a light behind it
Samsung's sixth One UI 7 beta for the Galaxy S24 rolls out as launch nears
The promotional image for Google Workspace feature drops.
The March Workspace feature drop upgrades Gemini's note-taking and translation tools