Cybersecurity confirm that more than 267 million Facebook users personal data exposed by an online database that collected their names, Facebook IDs, and phone numbers.
The database was available online without a password for about two weeks. The most of the people impacted are from the United States. On December 4, the database was first released online.
The data was publicly shared in a hacker forum on 12 December. The database is no longer online, but it doesn’t mean that the exposed data was not replicated elsewhere.
In April 2018, after the Cambridge Analytica controversy, Facebook removed phone numbers from its API. The numbers included in the database are more than 18 months-old. The database developers might have used automated bots to obtain information from Facebook pages that are publicly visible.
Facebook was fined $5 billion in the Federal Trade Commission investigation for mishandling of user data, and the settlement agreement imposed new regulations on the social media platform earlier this year.
This is not the first time when millions of Facebook users have had their data exposed online.