Published: Thu, September 05, 2019
Electronics | By Kelly Massey

Facebook leak contained phone numbers for 419 million users

Facebook leak contained phone numbers for 419 million users

Just last month, Business Insider's Rob Price reported that Facebook was launching a review over hundreds marketing and advertising firms amid indications of widespread misuse of Instagram user data, including data scraping of users' public data without their consent. The database was found on an unsecured server - it wasn't password-protected - and was available for anyone to access.

The database included 18m phone numbers and their associated unique Facebook profile number or "ID" from the United Kingdom, a further 133m belonging to users in the U.S. and more than 50m from Vietnam, TechCrunch reported.

Millions of American Facebook users' phone numbers are believed to be among those found. Facebook said there is no evidence that any accounts were compromised. There is also no information on the owner of the database and on how it was generated.

The information in question, according to the report, included users' Facebook IDs -which are a string of numbers used by the company to uniquely identify an account - and the associated phone number for each account. In the wake of the Cambridge Analytica scandal in March 2018, Facebook shut down that search tool in April 2018.

Can rages at Sarri over Juventus Champions League snub
Do you think Can and Mandzukic should have been included in Juve's Champions League squad? "The condition was that I'd be in the Champions League ".


A Facebook spokesperson said the data set was old and had been deleted. The researcher, Sanyam Jain, found the databases on an exposed server that wasn't protected with a password. When the publication contacted the database's web host, the information was taken offline.

TechCrunch was able to verify several records by matching a known user's phone number to a Facebook user ID or by matching phone numbers with the social media site's password reset feature. The company says that data set has since been taken down and that it has no evidence Facebook accounts were actually compromised.

Whittaker noted that having access to a user's phone number could allow a bad actor to force-reset accounts linked to that number, and could further expose them to intrusions like spam calls or other abuse.

Like this: