Facebook has previously been under fire for giving people access to private information, and now the social media platform is once again in trouble after a database containing phone numbers belonging to users was leaked online. With over 419 million records, the exposed server includes 133 records on Facebook users in the United States, 18 million in the United Kingdom and 50 million in Vietnam.
Reportedly the unprotected server made it possible to find anyone through the database. Each user’s unique Facebook ID as well as linked phone number is connected to each of the records, and in some cases, also contains the user’s name, gender as well as location by country. The breach means that Facebook users are now at risk of spam calls as well as “SIM-swapping” attacks, meaning that attackers can force-reset the password on whatever internet account is linked with the phone number.
Security researcher and GDI Foundation member Sanyam Jain found the database and later reached out to TechCrunch, and following the discovery the database went offline. A spokesperson for Facebook, claims that the data was scrapped prior to the social networking company restricting access to user phone numbers. “This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” he said, adding that “The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”
It remains to see if there are any consequences suffered by the security breach, but make sure to watch this space as any updates surface.