Security researchers have determined that 267 million Facebook users’ phone numbers, names and user IDs have been exposed in a database.
The database could be accessed by anyone online and the information was made available for download on a hacker forum, according to U.K.-based research firm, Comparitech. It was not protected by a password or any sort of safeguard.
The database has since been removed, but was available for almost two weeks.
Comparitech says that the exposed Facebook data puts people at risk of facing phishing and spam campaigns, as reported by CNET. Hackers could use a person’s Facebook ID to determine their username and details about this profile information.
This latest discovery adds to a long list of concerns questioning whether Facebook does enough to protect its billions of users.
It also follows the scandal involving U.K. political consultancy Cambridge Analytica, and how it harvested the information of more than 87 million Facebook users without consent.
A spokesperson from Facebook provided MobileSyrup with the following comment: “We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information.”
Update: 20/12/19: The article was updated to include a statement from Facebook.