Massive Facebook leak exposes 419 million users' phone numbers
In its latest privacy lapse, Facebook has exposed the phone numbers of hundreds of millions of users on an unsecured server.
Databases on the server were not password-protected, and included details of 133 million US users, 50 million in Vietnam, and 18 million in the UK. In all 419 million records could be accessed by anyone looking in the right place.
- Facebook now lets you opt out of automatic facial recognition
- Facebook may hide Like counts
- Libra Bug Bounty Program seeks to strengthen the security of Facebook's blockchain
The story was first reported by TechCrunch. When the website contacted Facebook to let it know about the exposed server, the social network took the databases offline. In addition to the phone numbers, the server included unique Facebook IDs which could be cross-referenced and matched to identify a user.
The website explains:
TechCrunch verified a number of records in the database by matching a known Facebook user's phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook's own password reset feature, which can be used to partially reveal a user's phone number linked to their account.
Some of the records also had the user's name, gender and location by country.
Facebook has confirmed that the data was exposed, and is investigating to find out the origins of the database. The social network sought to downplay the privacy breach, saying that as there were duplicates in the databases, only 210 million users were actually affected.
It used to be case that users' telephone numbers could be used to search for them on Facebook, but this option was disabled back in April last year in the wake of the Cambridge Analytica scandal.
In a statement, Facebook said:
This dataset is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers. The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.