Facebook data breach sees millions of user personal details leaked online
267m Facebook users could have had their contact details exposed
Millions of Facebook users may have had their personal details exposed for anyone to see online after experts discovered a major data breach.
Security researchers found that as many as 267 million Facebook users may have had their details left open to hackers after a database containing their personal information was left unsecured on the web for nearly two weeks.
Names, phone numbers and Facebook user IDs were among the details exposed, but no payment information is thought to have been put at risk.
- Facebook says it won't break end-to-end encryption
- How to delete your Facebook account
- Best security key 2020: top hardware keys for online protection
Not so private
The breach was uncovered by security researcher Bob Diachenko along with Comparitech, who discovered an unsecured Elasticsearch database containing the user information.
“A database this big is likely to be used for phishing and spam, particularly via SMS,” Diachenko said. “Facebook users should be on the lookout for suspicious text messages. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”
Diachenko noted that the affected users were mainly from the US, with those who have not set their Facebook profiles to "private" thought to be most at risk. After discovering the database, him and the team at Comparitech alerted the ISP hosting the information, however it had been online for around two weeks before being taken down.
It's not clear how the information was stolen, but one possible theory is that hackers were able to compromise Facebook’s developer API, which is used by app makers to access user profiles and connected data.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
This isn't the first time Facebook has been accused of neglecting user privacy, with the social network currently fighting a lawsuit following an attack last year which left around 29 million user accounts open to hackers.
- Keep your identity safe online with the best VPN of 2020
Via Threatpost
Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.