Facebook
FacebookiStock

Cybersecurity researchers said on Thursday that more than 267 million Facebook users had their personal data exposed in an online database that collected their names, Facebook IDs, and phone numbers.

According to Business Insider, the database was available online without a password to anyone who accessed it for about two weeks.

Diachenko, a data-security researcher, said that 267,140,436 records were exposed and that most of the people affected are from the United States. The report said that people identified in the database could be targeted by spam messages or other scam attempts using their name and phone number.

A Facebook representative said after the database was taken offline, "We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people's information."

The database first appeared online on December 4, and on December 12 the data was shared publicly on a forum for hackers, the report said. Believing the database was a part of a criminal enterprise, Diachenko reported it to the internet service provider on December 14.

As of Thursday, the database is no longer available online, but that doesn't necessarily mean that the exposed data wasn't copied elsewhere, noted Business Insider.

In September of 2018, Facebook announced it had discovered a security breach affecting nearly 50 million user accounts.

The company said that hackers exploited its "View As" feature, which lets people see what their profiles look like to someone else. Facebook stressed it has taken steps to fix the security problem and alerted law enforcement.

Several months earlier, Facebook said a bug in its software had changed the default setting on some users' posts to "public" without requesting their consent.