Skip to main content

267 million Facebook user accounts exposed online: What to do

Mark Zuckerberg Facebook
(Image credit: Chip Somodevilla/Getty Images)

Update 6:21 pm ET: Facebook has issued a statement on this security issue, which you can see below.

An unsecured database containing the Facebook records of 267 million individuals, the majority of them U.S. residents, was online for more than two weeks and was linked to from or copied to a hacker forum. 

The data included Facebook ID numbers, full names, phone numbers and timestamps, according to Comparitech, which worked with researcher Bob Diachenko to analyze the database. Anyone who found it could have accessed it without a password.

What's the threat to you?

It's possible that persons whose data is in the database may see an uptick in spam calls and SMS phishing attempts. However, until April 2018 it was easy to "scrape" Facebook to obtain all this information. Facebook tightened up its access after the Cambridge Analytica scandal broke in March 2018.

What you can do

To make sure your Facebook data is hard to scrape, go into your Facebook settings by clicking the dropdown arrow on the top right of the desktop browser screen, then click Privacy. Under "Privacy Settings and Tools," restrict all available options to "Friends" instead of "Everyone." 

Who is responsible?

The database was taken down earlier today (Dec. 19). Diachenko believes it may be connected to a criminal organization based in Vietnam, and a screenshot provided by Comparitech showed a portal with the words "Log in" in Vietnamese. However, the login credentials apparently weren't necessary.

Comparitech also said Diachenko said the database was "posted to a hacker forum as a download," but it wasn't immediately clear if that meant the entire database was copied to a different server, or whether a link was simply provided.

Facebook responds

Facebook issued the following statement to DailyMail.com:

'We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people's information.'

Part of a pattern...

This isn't the first time this year something like this has happened. A separate treasure trove of Facebook user data containing records of 540 million people was found in April. Another one with records of 419 million people was found in September. It's likely there was overlap between all three data sets.