In another huge privacy letdown, hundreds of millions of phone numbers linked to Facebook accounts have been leaked on an exposed server.
The unsecured database which was discovered by Sayam Jain, a security researcher and member of the GDI Foundation contained records of over 419 million Facebook users. That is, 133 million US users, 50 million in Vietnam and 18 million in the UK.
This records were left exposed on the server which could be accessed by anyone on the Internet. Jain said that he found profiles with phone numbers associated with several celebrities.
Also Read: Hacker Hijack Twitter Account Of Twitter C.E.O, Post Offensive Racial Slurs
According to TechCrunch which first reported the story, "each record contained a user's unique Facebook ID and the phone number listed on the account. A user's Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account's username."
TechCrunch said they verified some of the records and as well as phone numbers and found them to be correct. Some of the exposed records even had the user's name, gender and location by country.
"TechCrunch verified a number of records in the database by matching a known Facebook user's phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook's own password reset feature, which can be used to partially reveal a user's phone number linked to their account," TechCrunch said, and added that "some of the records also had the user's name, gender and location by country."
Also Read: Facebook Will Keep Paying You Every Month For Installing This App
TechCrunch explained that the database was taken offline after they contacted the web host of the database to know more about the exposed server.
Facebook, however, confirmed that the data was exposed, and said that it was investigating to find the origins of the database. However, the social giant tried to downplay the privacy breach by saying that there were duplicates in the databases, and that only 210 millions that were actually affected.
A spokeperson for Facebook, Jay Nancarrow said that the data had been scraped before Facebook blocked the ability that allowed people to use user's phone number to search for them on Facebook
"This data set is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers," the Facebook's spokesperson said. "The data set has been taken down and we have seen no evidence that Facebook accounts were compromised."