A fresh Facebook breach reported by Comparitech and security researcher Bob Diachenko claims personal data of 267 million Facebook users was on the line, online.
The report says the breached data consisted of user IDs, phone numbers and names of 267,140,436 Facebook users was left exposed on a database online. This database could be accessed by anyone on the web without a password or any form of authentication and hence, it could be used for SMS spam and phishing attacks.
After getting to know about the data leak, Diachenko contacted the internet service provider so that the access to the IP address of the database could be removed from the servers.
However, the database was exposed online for almost two weeks before the ISP revoked access to the database.
The data of 267 million Facebook users, apart from being available on the database was also posted on a hacker forum for anyone to download.
Diachenko said that the hackers could have exploited a security hole in Facebook’s API. The researcher also said that there is a possibility that this data could have been stolen without using Facebook APIs. There is a possibility that hackers could have gathered this data from “publicly visible profile pages”.
Facebook in response to the latest leak said that it was looking into the matter. “We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information,” the company said in a statement to the US based media channels.