Information on 267 million Facebook users, including user names, phone numbers and Facebook IDs, was exposed online, according to a cybersecurity researcher.
The data, mostly from US Facebook users, was posted on a searchable database by a group that appeared to be based in Vietnam, said Bob Diachenko, the cyber threat intelligence director at Security Discovery, a Ukrainian cybersecurity website that offers news and consulting services. The Vietnamese group appeared to be charging for access to the data, but a flaw in their code inadvertently left the database open to all, he said.
A spokeswoman from Facebook Inc. said that the company was looking into the issue. She said the information was likely obtained before Facebook made changes in recent years to better protect people’s information.
It wasn’t known if any of the user information was accessed or sold by the Vietnamese group. Diachenko partnered with Comparitech, a website that seeks to help consumers research and compare tech services, to uncover the exposed data.
Of the affected users, 99% were from the US and most of the others came from Vietnam, Diachenko said. He said he surmised that the group that was selling access to the information was from Vietnam because of the use of Vietnamese language and because the data — its type and structure — resembles that of other data breaches conducted by Vietnamese hackers.
The exposed information — particularly if cross referenced with other databases — could be used for sophisticated spam or phishing attacks, he said. “This is pretty significant because you can start getting a full profile of a person,” Diachenko said of the data.
Diachenko said he contacted the internet service provider hosting the database, and it was removed on Thursday.
This story has been published from a wire agency feed without modifications to the text. Only the headline has been changed.