Facebook users have been urged to update their contact details after a breach left millions of pieces personal information exposed online.
Security researchers found that as many as 267 million Facebook users may have had their details left open to hackers after a database containing their personal information was left unsecured on the web for nearly two weeks.
Names, phone numbers and Facebook user IDs were among the details exposed, but no payment information is thought to have been put at risk.
- Facebook says it won’t break end-to-end encryption
- How to delete your Facebook account
- Best security key 2020: top hardware keys for online protection
Not so private
The breach was uncovered by security researcher Bob Diachenko along with Comparitech, who discovered an unsecured Elasticsearch database containing the user information.
“A database this big is likely to be used for phishing and spam, particularly via SMS,” Diachenko said. “Facebook users should be on the lookout for suspicious text messages. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”
Diachenko noted that the affected users were mainly from the US, with those who have not set their Facebook profiles to “private” thought to be most at risk. After discovering the database, him and the team at Comparitech alerted the ISP hosting the information, however it had been online for around two weeks before being taken down.
It’s not clear how the information was stolen, but one possible theory is that hackers were able to compromise Facebook’s developer API, which is used by app makers to access user profiles and connected data.
This isn’t the first time Facebook has been accused of neglecting user privacy, with the social network currently fighting a lawsuit following an attack last year which left around 29 million user accounts open to hackers.
- Keep your identity safe online with the best VPN of 2020