A database containing the phone numbers of Facebook users has made its way online. The exposed server held over 419 million records, including 133 million records on Facebook users in the United States, 18 million records in the United Kingdom, and more than 50 million records in Vietnam.
According to reports, the server was unprotected, allowing anyone to find and access the database. Each record contained a user’s unique Facebook ID and the phone number linked to the account; some also contained the user’s name, gender and location by country. This latest security breach puts Facebook users at risk of spam calls and SIM-swapping attacks, in which an attacker tricks a mobile carrier into giving them a person’s phone number. Once the attacker has the phone number, they can force-reset the password on whatever internet account is linked with the number.
Security researcher and GDI Foundation member Sanyam Jain reached out to TechCrunch after finding the database. He was unable to find the owner, and after TechCrunch contacted the web host, the database went offline.
Jay Nancarrow, a spokesperson for Facebook, claims that the data was scraped before the social networking company restricted access to user phone numbers. “This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” he said. “The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”
In case you missed it, Facebook is considering hiding Like counts.