Contact information for 267m Facebook users revealed in huge online leak

Josh Peachey's picture

A database containing more than 267 million Facebook user IDs, phone numbers, and names was openly accessible on the internet for anyone to access.

The database was discovered by security researcher Bob Diachenko, who believes that the data being shared online is most likely the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam.

He estimates that the purpose of the database could have been to conduct large-scale SMS spam and phishing campaigns, among other threats to end-users. Diachenko also says the data was also posted to a hacker forum as a download on December 12th.

Although most of the 267,140,436 records were from users in the United States, Diachenko and Comparitech, the company he worked with the expose the leak, say that information could have been taken from publicly visible profiles on the social network, or it was stolen from Facebook’s developer API before the company restricted access to phone numbers in 2018.

This isn’t the first time such a database has been exposed. In September 2019, 419 million records across several databases were exposed. These also included phone numbers and Facebook IDs.

After the exposed personal data was reported, the database was taken down yesterday.