In a year where data breaches at Facebook have seen no signs of slowing down, another blow has been dealt. 

A reported 267 million Facebook user IDs and phone numbers were exposed online for anyone to access without a password or any authentication. Most of the records affected users from the United States. 

The UK technology research company Comparitech partnered with security researcher Bob Diachenko, and found that the trove of data is most likely the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam. 

“The information contained in the database could be used to conduct large-scale SMS spam and phishing campaigns, along with other threats to end users,” said Paul Bischoff, editor of Comparitech, which has been helping write up Diachenko’s discoveries of unsecured databases for about a year.

Upon investigation, the database was first indexed on December 4th. The troves of data were then posted on a hacker forum that made the data available for download. 

As soon as the breach was discovered on December 14th, Diachenko skipped Facebook and notified the ISP so that access could be removed. The database was made unavailable two days later. 

However, Diachenko said Facebook’s API could  have a security hole that would allow criminals to access user IDs and phone numbers even after access was restricted. The data could also have been scraped from publicly visible profile pages using bots. 

Meanwhile, Facebook announced that is working on its own OS to separate itself from reliance on the modified Android OS currently running on Facebook’s Oculus and Portal devices. 

“We really want to make sure the next generation has space for us,” Facebook’s head of hardware, Andrew Bosworth, told The Information. “We don’t think we can trust the marketplace or competitors to ensure that’s the case. And so we’re gonna do it ourselves.”

The company is hoping the operating system will free it from Google and Android, however with the number of privacy concerns from Facebook over the last couple of  years, it may be hard to gain trust from the industry.

Facebook has already tried to develop and release its own cryptocurrency Libra this year, which has been slow going due to concerns the industry has surrounding the company. ”

“So now no one stopping from collecting personal data,” a user commented on the reports about Facebook’s OS.