Over the past two weeks, user IDs, phone numbers, and names have been easily accessible without a password or other form of authentication. Researchers believe the data was collected as part of an illegal operation or Facebook API exploit.
A Facebook spokesperson said the company is looking into the breach.
"We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people's information."
Fearful that the information could be used for online phishing scams, Diachenko immediately contacted the service provider that manages the IP address of the server to have the database removed.
Unfortunately, the data was also posted to an online hacker forum and made available for download.