The information was freely available for at least two weeks, according to a joint report from Comparitech and researcher Bob Diachenko.
The report indicates the materials first were made available on Dec. 4, then were transferred to a hacker forum eight days later. The information has been removed after Diachenko informed the forum’s internet service provider about the unsecured information. The database belongs to “a criminal organization” in Vietnam “according to the evidence,” the researchers said.
Comparitech claimed the information may have been obtained by “scraping,” which is a technique where bots copy and collect data from web pages.
“We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information,” Facebook said in a statement.
The security breach could call into question Facebook’s plans to develop its own digital coin. Users would be required to provide sensitive information in order to use any such coins for transactions, creating a risk that bank accounts could be compromised.