Facebook user data has been compromised once again. This time, the phone numbers of millions of users have been found online. The exposed server reportedly contained more than 419 million records over several databases on users across geographies. This included 133 million records on US-based Facebook users alone. Another 18 million records of users in the UK and more than 50 million records of users in Vietnam. Since the server wasn’t protected with a password, anyone could access these databases and thus get access to phone numbers of Facebook users.
According to TechCrunch, each record contained a user’s unique Facebook ID and phone number mentioned in their account. Facebook ID is a long, unique and public number associated with a user’s account. It can be used to discern an account’s username. However, Facebook has not made phone numbers public in more than a year. The report highlights that the information contained in the database were legitimate and verified. TechCrunch also checked these records by matching phone numbers against Facebook’s own password reset feature.
This feature could be used to partially reveal a user’s phone number linked to their account. Some records also had the user’s name, gender and location by country. The incident shows that security lapse involving Facebook data don’t have an immediate end yet. After Cambridge Analytica scandal saw a company scrape profile information of 80 million users, the latest security lapse affects even more users. This puts millions of users at the risk of spam calls and SIM-swapping attacks.
The exposed server and the database was found by Sanyam Jain, a security researcher and member of the GDI Foundation. Facebook spokesperson Jay Nancarrow said the data had been scraped before the company cut off access to user phone numbers. “The data set has been taken down and we have seen no evidence that Facebook accounts were compromised,” the spokesperson told TechCrunch. It remains unknown who exactly scraped the data, when it was scraped and why the information was scraped.
The social media giant has restricted developers from accessing phone numbers of its users for more than a year now. It has also made it difficult for users to search for their friends’ phone numbers. The database found in the exposed server seems to have been loaded at the end of last month. Facebook says the data is old and has information obtained before changes to policy.