Facebook users were urged to update their contact details after a breach left millions of personal information exposed online. Security researchers have found that up to 267 million Facebook users may have their data left open to hackers after a database containing their personal information has been left unsecured on the web for nearly two weeks.
Facebook names, phone numbers and user IDs were among the details exposed, but no payment information was put at risk.
The breach was discovered by security researcher Bob Diachenko, along with Comparitech, who discovered an insecure Elasticsearch database containing user information.
"A database of this size is likely to be used for phishing and spam, especially via SMS," said Diachenko. “Facebook users should be on the lookout for suspicious text messages.
Even if the sender knows your name or some basic information about you, be skeptical of unsolicited messages.
Diachenko noted that the affected users were mainly from the US, with those who did not define their Facebook profiles as "private", considered at higher risk.
After discovering the database, he and the Comparitech team alerted the ISP hosting the information, but it was online for about two weeks before it was withdrawn.
It is unclear how the information was stolen, but one possible theory is that hackers were able to compromise the Facebook developer API, which application manufacturers use to access user profiles and connected data.
This is not the first time Facebook has been accused of neglecting users' privacy, with the social network currently battling a lawsuit following a raid last year that left about 29 million user accounts open to hackers.