The extensive list of IDs - 267,140,436 records, mainly American users - was available online for about two weeks in an unprotected format on several hacker forums, according to the Comparitech cybersecurity company.
"[We] believe this is likely information obtained before changes we made in the past few years to better protect people’s information”, a Facebook spokesperson said, cited by The Sun, adding that the company was "looking into this issue".
According to an investigation made by Comparitech, "the trove of data is most likely the result of an illegal scraping operation or Facebook API [application programming interface] abuse by criminals in Vietnam". The exposed IDs contained "a unique Facebook ID, a phone number, a full name, a timestamp".
The cybersecurity firm believes that hackers obtained the data from Facebook’s developer API before the company restricted access to phone numbers in 2018. Facebook's API, however, may also have a vulnerability that would allow criminals to access personal information even after that access was restricted, according to the cybersecurity company.
The mass data leak is only the most recent in a long line of breaches for Mark Zuckerberg's social media brainchild. In September, a whopping 419 million records across several databases were exposed, including phone numbers and Facebook IDs, the media report said, adding that some 133 million US accounts were left in an open online server with no password to secure them - including those of some celebrities.