A database exposing the names, phone numbers and Facebook user IDs of millions of platform users was left unsecured on the web for nearly two weeks before it was removed.
Security researcher Bob Diachenko discovered the trove of Facebook user data on Dec. 14. The database, which has since been pulled down, wasn’t protected by a password or any other safeguard. By the time access was removed, the information had been out in the open for nearly two weeks. Someone had also made the data available for download on a hacker forum, according to Comparitech, a UK technology research firm that worked with Diachenko.
A Facebook spokesman said in a statement that the company is looking into the issue, but believes the data was likely harvested before the company made changes to better safeguard user information, such as restricting access to phone numbers.
Facebook users who have their phone number set to public should be wary of phone calls and text messages from unknown numbers, as the information could be used in spam or phishing campaigns.