There have been numerous incidents of privacy breaches on Facebook. Now it has come to light that 267 million Facebook user names and phone numbers have been leaked via a password-less database file on the web.

The leaked database was discovered by security researcher Bob Diachenko and most interestingly the database was left completely unguarded, with not even a password as place. Furthermore, the data includes data like user IDs, names, and phone numbers. The majority of the data is of US-based users. Security researchers pinpointed the source of data as “an illegal scraping operation or Facebook API abuse by criminals in Vietnam.”

One might argue that it is not really a lot of data. However, the combo of user ID with a phone number can still be used for malicious activities. The database was left exposed for two weeks and is now made unavailable. Also, the damage seems to have already been done as it was shared on a hacker forum.

Facebook’s statement to Engadget read as follows “We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information.”

Our Take

It is worrying that Facebook is getting embroiled in so many scandals. Earlier this year, a database with 419 million user’s ID and phone number was exposed. Most importantly, Facebook doesn’t seem to learn from its mistake and has instead set aside $3 billion to pay fines. Earlier this week Facebook confirmed that they were accessing user location even after you have turned off the location service.

