Hundreds of millions of Facebook users’ data has reportedly been leaked to the dark web, according to a new report .
Comparitech and security researcher Bob Diachenko reported that he found a database containing 267 million Facebook user IDs, phone numbers and names that were left exposed on the dark web for anyone to access without password protection or any other authentication.
In total, 267,140,436 records were exposed.
According to Diachenko, who examined the evidence, the data likely came from “an illegal scraping operation or Facebook API abuse by criminals in Vietnam.” Most of the stolen data was from users in the United States.
Comparitech said that “‘scraping’ is a term used to describe a process in which automated bots quickly sift through large numbers of web pages, copying data from each one into a database. It’s difficult for Facebook and other social media sites to prevent scraping because they often cannot tell the difference between a legitimate user and a bot. Scraping is against Facebook’s–and most other social networks’–terms of service.”
While the information stolen was minimal, it could still potentially lead to large-scale SMS spam and phishing campaigns, among other threats to Facebook users whose data was compromised.
The database was freely accessible online for at least 10 days beginning Wednesday, Dec. 4, Diachenko said. He notified the Internet provider where it was hosted when he found it on Dec. 14; five days later it was no longer available.
In a statement, Facebook said it was investigating the issue and that the finding “likely” involved information obtained before Facebook took unspecified data-protection measures in recent years.