Facebook data breach sees millions of user personal details leaked online

Facebook dark mode
(Image credit: Shutterstock)

Millions of Facebook users may have had their personal details exposed for anyone to see online after experts discovered a major data breach.

Security researchers found that as many as 267 million Facebook users may have had their details left open to hackers after a database containing their personal information was left unsecured on the web for nearly two weeks.

Names, phone numbers and Facebook user IDs were among the details exposed, but no payment information is thought to have been put at risk.

Not so private

The breach was uncovered by security researcher Bob Diachenko along with Comparitech, who discovered an unsecured Elasticsearch database containing the user information.

“A database this big is likely to be used for phishing and spam, particularly via SMS,” Diachenko said. “Facebook users should be on the lookout for suspicious text messages. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”

Diachenko noted that the affected users were mainly from the US, with those who have not set their Facebook profiles to "private" thought to be most at risk. After discovering the database, him and the team at Comparitech alerted the ISP hosting the information, however it had been online for around two weeks before being taken down.

It's not clear how the information was stolen, but one possible theory is that hackers were able to compromise Facebook’s developer API, which is used by app makers to access user profiles and connected data.

This isn't the first time Facebook has been accused of neglecting user privacy, with the social network currently fighting a lawsuit following an attack last year which left around 29 million user accounts open to hackers.

Via Threatpost

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.