Personal data of over 267 million Facebook users emerged in an unsecured database on the dark web. The information included Facebook IDs, full names and phone numbers of 267,140,436 users mostly residing in the United States.
Comparitech, a cybersecurity firm, found the database along with researcher Bob Diachenko. They published a report last Thursday warning the people identified in the database that they could be vulnerable to phishing schemes and spam messaging.
While it wasn’t found how the sensitive data ended up in the dark web, Diachenko was able to trace the database back to Vietnam, as reported by Deadline. The researcher believes that the information may have been collected illegally through the process of “scraping.” The method uses automated bots to copy information from Facebook profiles that are made public. Another speculation is that it could have been stolen directly from the social media giant’s developer API.
Access to the database has now been taken down. However, the records are believed to have been available to anyone surfing the web for two weeks before it was found. A downloadable link to the records was also put up on a popular online hacker forum.
Facebook has been facing a streak of security breaches with over 400 million phone numbers of its users exposed back in September. In 2018, the social media platform was embroiled in a major scandal that found it collected personal data without users’ consent to be used for political advertising.
A company spokesperson confirmed the recent leak in a statement to the Daily Mail:
‘We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information.’