Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

267 million Facebook users have had their private data exposed

In yet another data breach, it appears that Facebook has accidentally let slip a bunch of user IDs, phone numbers and names.

This information comes from a new Comparitech report. The company worked with security researcher Bob Diachenko to discover the cache of data, which it believes was exposed as the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam.

At first glance it might not appear to severe a sting (we give out our names and phone numbers to people all the time, right?) but this info could be used to conduct further, more malicious phishing attempts and spam people with unwanted texts.

Related: Facebook working on own OS to control AR future

Diancheko reported the leak to the service provider managing the IP address, but worryingly the information had already been posted on a hacker forum on December 12. Most of the users who had their data exposed were based in the US.

It’s not clear how the data could have been stolen by the malicious parties, but Comparitech suggested that it might have something to do with Facebook’s previous handling of phone numbers.

Until 2018 users could search for friends by typing in their digits, but Facebook decided to put a stop to this.

In a post from April of last year, the company said: “Malicious actors have abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery […] So we have now disabled this feature.”

A company spokesperson also seemed to hint that this was behind the leak. Speaking with Endgadget, they said: “We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information.”

Related: This Facebook breach may be scariest yet

This is far from the first time that Facebook data has been found floating around the internet by security researchers. In April, UpGuard Cyber Risk found two databases full of Facebook information, some of which contained full passwords. And in November, a new privacy ‘bug’ was discovered that would allow malicious actors to hijack iPhone users’ cameras.

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.