The Facebook data was available in a downloadable database (NurPhoto via Getty Images)

Facebook users may have been caught up in yet another huge data breach, according to a report from privacy experts.

User IDs, phone numbers and names of 267 million Facebook users has been uncovered in a database that was being made available on a hacker’s forum as a downloadable file.

The database was found by Comparitech, who partnered with security researcher Bob Diachenko. They first indexed the database on December 4 but it is now no longer available. They say the database wasn’t password protected and, in the words of Comparitech, ‘could be used to conduct large-scale SMS spam and phishing campaigns, among other threats to end users.’



Metro.co.uk contacted Facebook about the report and was given the following statement:


‘We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information,’ a company spokesperson said.

Facebook CEO Mark Zuckerberg has repeatedly promised to improve the company’s stance on privacy (Getty)

MORE: Facebook owns 4 of the 5 most-downloaded apps of 2019

Diachenko believes the database was compiled either by illegal scraping of data from within Facebook or abuse of the company’s API by Vietnam-based hackers. If so, it likely happened before 2018 when the company restricted the developer’s API access to phone numbers.

While scraping is against Facebook’s policies, it is fairly easy to do – especially if users have their profiles set to public.

‘The 267 million Facebook users who had their names and personal phone numbers exposed to potential hackers are at high risk for a variety of targeted spam messages, phishing attacks or other scam attempts,’ commented Stuart Reed, VP of Cyber at Nominet.

‘With this information, hackers are given a direct line of access to these users – and that can enable criminals to more effectively target these users and gain further private information that can be utilized by bad actors. Given the length of time that this information was publicly available, the likelihood of these attacks is especially high.’

This isn’t the first time this has happened. Earlier this year, cybersecurity firm UpGuard said it found more than 540 million Facebook records had been stored publicly on Amazon cloud servers by two different third-party apps.

Facebook said it had taken down the databases once it was made aware of them.

‘Facebook’s policies prohibit storing Facebook information in a public database,’ a company spokeswoman said in a statement at the time.

‘Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.’

How to protect your privacy on Facebook

You can control your own privacy settings (Getty)

Most users want to edit Privacy to stop certain people seeing certain things they have posted, or will post.

You can also stop certain people contacting you, make Facebook ask you to approve a tag and a whole lot of other things to stop your identity being bandied around the place like a bag of Werther’s Originals.



How do you do these things? Follow these steps:

Login to Facebook, preferably on a Desktop.

After clicking on the downward arrow in the upper right-hand corner, click on Settings then Privacy .

then . Click on Who can see my posts , or Who can see my future posts.

, or Make edits to how private or public your profile is. You can narrow down options based on geography, or what kind of Friend you want to share with.

That won’t stop those people seeing/not seeing what you’ve already posted . To make sure retroactive posts are brought in line with this new setting, click Limit the audience for posts you’ve shared with friends of friends or public.

. To make sure retroactive posts are brought in line with this new setting, click Scroll down to How People Find and Contact You and edit the options to your liking.

and edit the options to your liking. Enable the option Review posts you’re tagged in before the post appears on your timeline.

In the left-hand menu, click on Timeline and Tagging and edit according to who you want to see your tags and the things on your timeline.

To check your changes, click Review what other people see on your timeline and you will be shown what your page looks like to certain people.

and you will be shown what your page looks like to certain people. You can also deactivate Facebook’s ability to identify you by your face by analysing photos. Click Face Recognition in the left-hand menu and disable it.