Skip to main content
Data Breaches

267 Million Facebook Users Had Personal Information Exposed Online

By Steve Symanovich, a NortonLifeLock employee

More than 267 million Facebook users may have had their personal data exposed in an online database, cybersecurity researchers said December 19.

Here’s what information was exposed:

  • Names
  • Facebook IDs
  • Phone numbers

The risk for affected Facebook users? Cybercriminals could use the information for spam messaging, phishing email, identity theft, or other nefarious purposes.

Most of the people affected are U.S. Facebook users.

Who could have accessed the Facebook data?

The data was posted to an online forum for hackers, according to Bob Diachenko, the data security researcher who found the unprotected database, and Comparitech, a tech website. The database required no password for about two weeks.

Facebook said the database is no longer available.

What should I do if my information was exposed?

Data breaches can increase the possibility of becoming a victim of cybercrime.

The exposure of names, Facebook IDs, and phone numbers could raise a variety of risks.

Here are some steps you can take to help protect yourself.

  • Change your Facebook privacy settings. You can adjust settings, for example, to prevent your profile information from appearing in search results.
  • Watch for spam messaging. Cybercriminals can use your phone number to send messages tied to scams and with links that could infect your device with malicious software.
  • Beware of phishing emails. Fraudsters may use your data to trick you into opening emails or clicking on links that may appear to be legitimate.

Should I consider changes to my social media profiles?

The Facebook data breach may be a reminder to be careful about what you share on social media platforms.

For instance, it’s a good idea to exclude sensitive personal information that could be used in scams or in identity theft.

It’s also smart to read a social platform’s privacy statements. You may be able to avoid having outside parties mine your data.


See if we find your info on the dark web

By simply entering your email, we search for potential threats to your identity. 

NortonLifeLock does not search all personal information at all criminal websites and may not find all breached data. We use the information you provide in accordance with our Global Privacy Statement.

Your information could be for sale on the dark web.

LifeLock identity theft protection sees more threats to your identity, like your personal info on the dark web. And if you become a victim of identity theft, dedicated Identity Restoration Agents will work to fix it.

Start your protection now. It only takes minutes to enroll.

Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Start your protection,
enroll in minutes.