(AP) – A Ukrainian security researcher reported finding a database with the names, phone numbers and unique user IDs of more than 267 million Facebook users — nearly all United States-based — on the open internet.
That data was likely harvested by criminals, said researcher Bob Diachenko, an independent security consultant in Kyiv.
The database, which Diachenko discovered with a search engine, was freely accessible online for at least 10 days beginning December 4, he said.
He notified the internet provider where it was hosted when he found it on December 14, five days later it was no longer available.
Diachenko said someone downloaded the database to a hacker forum two days before he discovered it so it may have been shared among online thieves.
He first reported the finding Thursday in partnership with the UK tech news website Comparitech, which editor Paul Bischoff said has been helping write up Diachenko’s discoveries of unsecured databases for about a year.
The researcher provided the AP with a 10-record sample from the database and the IDs — and two phone numbers that were answered — checked out against real Facebook users.
The evidence suggests the data was collected illegally, most likely by criminals in Vietnam who may have “scraped” it from public Facebook pages or by somehow obtaining privileged access to the service.
Scraping is automated data-harvesting done by bots.
A small fraction of the database include details on Vietnam-based users.