Skip to main content

Facebook faces another huge data leak affecting 267 million users

More than 267 million Facebook users’ IDs, phone numbers, and names were exposed to an online database that could potentially be used for spam and phishing campaigns. 

Security researcher Bob Diachenko uncovered the database, according to Comparitech. The database was first indexed on December 4, but as of today, December 19, it is unavailable. Comparitech reports that before the site was taken down, the database was found on a hacker forum as a downloadable file. 

Most of the Facebook users that were affected by this leak are located in the U.S., and the data included people’s Facebook IDs, phone numbers, and their full names. 

Diachenko told Comparitech that the leaked data was most likely a result of illegal scraping or a hole in Facebook’s API. Scraping is against Facebook’s policies but can be easily done, especially if users have public profile settings. 

Because of this, Facebook users are advised to set their privacy settings to “Friends” and set the “Do you want search engines outside of Facebook to link to your profile?” setting to “No.” Diachenko also said to be wary of suspicious, unsolicited text messages. 

Facebook CEO Mark Zuckerberg
Antoine Gyori - Corbis / Getty Images

Digital Trends reached out to Facebook to comment on the leaked data and what they have done in response, and we’ll update this story once we hear back. 

It’s not the only instance this year where Facebook had privacy mishaps. As recent as last month, private data of Facebook and Twitter users were also compromised through malicious third-party Android apps. Earlier in the month, it was found that private data of thousands of Facebook group members had been compromised.

Back in September, millions of phone numbers associated with Facebook accounts were discovered in an exposed, online database. The records reportedly contained users’ Facebook IDs and the phone number associated with each person’s account. Some records even had users’ names, gender, and location. 

It is important to note that frequently changing your password and using unique passwords for different platforms are essential for online privacy and security. It’s no secret that we are bad at password management, but having better password habits can be a defense against data leaks. 

Editors' Recommendations

Allison Matyus
Former Digital Trends Contributor
Allison Matyus is a general news reporter at Digital Trends. She covers any and all tech news, including issues around social…
Wawa data breach: Hacker is selling 30 million credit cards on the dark web
wallet with cash and cards

Credit card data from a security breach that affected an East Coast convenience store chain last year was discovered being sold in the corners of the dark web this week. The amount of data stolen makes it the third-largest credit card breach in history.

Wawa convenience stores announced the attempts to sell the data in a news release on January 28. According to the Gemini Advisory Board, a company that identifies cyberthreats, the credit card information was found on the website called Joker’s Stash marketplace and exposed customer data from 30 million cards. 

Read more
The Off-Facebook Activity tool lets you take control of your shared data
fbi wants social media data facebook app mem2

Facebook is hoping to be more transparent about your data and activity by expanding a new privacy feature to the U.S. and the rest of the world. 

The new feature is called the Off-Facebook Activity tool, which was previously only available to people in Spain, Ireland, and South Korea. Facebook CEO Mark Zuckerberg announced the worldwide feature rollout on Tuesday, January 28, which is appropriately Data Privacy Day. 

Read more
Wyze customers hit by online data leak, company confirms
Wyze Sense Starter Kit review

Wyze, maker of smart home devices such as cameras, locks, and lightbulbs, has confirmed several data breaches that left personal data linked to millions of its customers exposed online.

The first leak was spotted by cybersecurity firm Twelve Security and reported on December 26, while the second was reported a short while later by a Wyze community member. Twelve Security suggested the data belonged to as many as 2.4 million Wyze customers.

Read more