Reuters

An online database exposed the names, Facebook IDs, and phone numbers of more than 267 million people, said Bob Diachenko, a data-security researcher, and Comparitech, a tech website.

They said the database was available online without a password, exposing the sensitive personal data to anyone who accessed it.

Diachenko traced the database back to Vietnam but could not identify exactly how the data had been accessed or what it was being used for. He said most people affected are from the United States.

Diachenko and Comparitech speculated that the data could be used for spam messaging and phishing campaigns and said they contacted the internet service provider that was hosting the database.

The database is no longer available, but the data was reportedly posted to an online forum before the source was removed.

Visit Business Insider's homepage for more stories.

Cybersecurity researchers said on Thursday that more than 267 million Facebook users had their personal data exposed in an online database that collected their names, Facebook IDs, and phone numbers. The database was available online without a password to anyone who accessed it for about two weeks, according to Comparitech, a tech website, and Bob Diachenko, a data-security researcher.

Diachenko said that 267,140,436 records were exposed and that most of the people affected are from the United States. The report said that people identified in the database could be targeted by spam messages or other scam attempts using their name and phone number.

A Facebook representative said after the database was taken offline: "We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people's information."

Facebook removed phone-number information from its API in April 2018 following the Cambridge Analytica scandal. That would mean that the numbers included in the database are more than 18 months old.

The database first appeared online on December 4, and on December 12 the data was shared publicly on a forum for hackers, the report said. Believing the database was a part of a criminal enterprise, Diachenko reported it to the internet service provider on December 14. As of Thursday, the database is no longer available online, but that doesn't necessarily mean that the exposed data wasn't copied elsewhere.

To avoid having their information taken from their profile, Facebook users should change their privacy settings to omit their profile from search-engine results and to allow only friends to see their posts, Comparitech said.

Diachenko traced the database to Vietnam but couldn't specify how the information had been obtained. Comparitech said the database could have stolen the information from Facebook's developer API, which shares some sensitive information with app creators. Alternatively, the creators of the database could have used automated bots to pull the information from publicly visible Facebook pages.

Facebook has been overhauling its approach to user data since the Cambridge Analytica scandal, in which the political-consulting firm used the access to Facebook's developer API from a basic personality quiz to obtain the personal data of 87 million Facebook users, then used that information to create voter profiles for Donald Trump's presidential campaign.

Following an investigation by the Federal Trade Commission into its handling of user data, Facebook was fined $5 billion earlier this year, and the settlement agreement imposed new restrictions on the social-media platform.

NOW WATCH: Popular Videos from Insider Inc.