The personal phone numbers of more than 419 million Facebook users have been found stored online in an unprotected database.
If it isn't juggling hearings and billion-dollar fines, Facebook is getting itself involved in another data leak.
TechCrunch (TC) broke the news that the personal phone numbers of more than 419 million Facebook users have been found stored online in an unprotected database, hosted on a Facebook server. With no password or encryption in place, practically anyone could access and harvest the phone numbers of these 400 million+ users, the bulk of whom were in the US.
Of those affected, 133 million live in the US, 18 million in the UK, and 50 million in Vietnam.
"Each record contained a user’s unique Facebook ID and the phone number listed on the account. A user’s Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account’s username," TC said.
TechCrunch verified a number of records in the database by matching a known Facebook user’s phone number against their listed Facebook ID.
Some of the records also had the user’s name, gender and location by country.
Sanyam Jain, a security researcher and member of the GDI Foundation, found the database and contacted TechCrunch after he was unable to find the owner of the database. After TC contacted the web host, the database was pulled offline.
Attempting damage control, Facebook spokesperson Jay Nancarrow said the data had been scraped before Facebook cut off access to user phone numbers.
“This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” the spokesperson said. “The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”
Last year, Facebook reconfigured and restricted access to users' phone numbers on its platform, in an effort to improve privacy and avoid situations such as this. Given that protocol change, the data found in the database could very well be old, as Nancarrow says. This doesn't change the fact, however, that users often hold on to their phone numbers for years and even decades, which means that even if this info is old, it's still valid for the most part.
This latest privacy debacle comes hot on the heels of a $5 billion fine the social media giant is being made to pay for its privacy misdeeds in recent years, most notably the Cambridge Analytica scandal.
Back in May, Facebook-owned Instagram faced a situation similar to the one Facebook is facing now, where the private information of 49 million Instagram influencers had been found exposed online in an unprotected database, scraped by a third party in Mumbai.