Over 400 Million Records Of Facebook Users' Phone Numbers Found In Unsecured Online Database

A security researcher discovered an online database where hundreds of millions of Facebook users’ phone numbers could easily be retrieved. The data could have been used by malicious agents, but Facebook says there is no evidence that any accounts were compromised.

Unsecured Online Database

In the past, Facebook users could simply input a phone number to find people on Facebook. However, the company shut this feature down in 2018 after Cambridge Analytica found that malicious agents had been gathering data from it.

It seems as though the problem with having phone numbers scraped from Facebook is over, but on Wednesday, security researcher Sanyam Jain disclosed to Tech Crunch that he discovered an unsecured online database where hundreds of millions of Facebook users’ phone numbers could be found. Specifically, the server contained about 419 million records of Facebook users, 133 million were from the United States, 50 million from Vietnam, and 18 million from the United Kingdom.

Facebook Users’ Phone Numbers

According to Jain, the records contained Facebook users’ unique ID and phone numbers listed on their accounts, while some even contained the users’ name, gender, and location by country. Some of the profiles were even linked to celebrities. Even more concerning, the server did not require a password to be accessed, meaning that anyone could just come and have a look at the data.

According to a Facebook spokesperson, they immediately launched an investigation after they were informed of the discovery, but only about half the number of reported users were affected because there were many duplicates in the data. Further, the data is supposed to be old ones that were gathered before the changes were made the previous year.

Security Lapse

Despite being supposedly “old data,” being practically exposed online put users at risk, yet again, of data scraping in bulk. Apart from users’ Facebook profile data, their personal phone numbers were also exposed to potentially malicious agents that could have used it for a specific agenda.

Given the recent discovery, it is easy to see that there is still more to be done to protect user data. For now, Facebook has taken down the dataset, and they note that there is so far no evidence of compromised Facebook accounts.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics