Unsecured server exposes 419 million records of phone numbers linked to Facebook accounts

• The exposed records included users’ unique Facebook ID and their associated phone numbers.
• A spokesperson for Facebook said that the exposed records are old and had been scraped before Facebook disabled access to user phone numbers.

What’s the matter?

Security researcher Sanyam Jain uncovered an unguarded server that was left publicly accessible without any password protection.

Who all are impacted?

The server contained at least 419 million records linked to several Facebook users including celebrities.

• Out of which, 133 million records were related to U.S.-based Facebook users
• 18 million records belonged to Facebook users in the U.K., and
• Over 50 million records were linked to Vietnamese Facebook users

What was exposed?

• The exposed records included users’ unique Facebook ID and their associated phone numbers.
• The exposed records also included Facebook users’ names, gender, and country.

The big picture

The security researcher who found the leaky server contacted TechCrunch to assist him in finding the owner of the database. TechCrunch reviewed the database and verified the authenticity of the records by matching a known Facebook user’s phone number against the list of exposed Facebook IDs.

Researchers noted that the records appeared to be loaded into the unprotected database at the end of last month. However, the records are old. After this, they contacted the web host and secured the database.

What was the response?

A spokesperson for Facebook, Jay Nancarrow said that the exposed records are old and had been scraped before Facebook disabled access to user phone numbers.

“This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The data set has been taken down and we have seen no evidence that Facebook accounts were compromised,” Nancarrow said, TechCrunch reported.