About 260 million Facebook users stand a risk of their personal information being leaked online. The company has sent messages to users to update their contact details on the platform after a breach left millions of contact information exposed online.
Names, phone numbers and Facebook user IDs were among the details exposed, but no payment information is thought to have been put at risk.
Security researcher, Bob Dian Diachenko along with Comparitech discovered an Elasticsearch database containing the user information.
“A database this big is likely to be used for phishing and spam, particularly via SMS,” Diachenko said. “Facebook users should be on the lookout for suspicious text messages. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”
Diachenko observed that Facebook users who were yet to set their account as ‘private’ were most at risk. After discovering the database, himself and the team at Comparitech alerted the ISP hosting the information, however, it had been online for around two weeks before being taken down.
The going theory about how the breach occurred is that hackers were able to compromise Facebook’s developer API.
Facebook had been hacked in the past more recently last year when 29 million users were exposed to hackers leaving Facebook with several lawsuits to defend.