Guess what, it’s time for another report on a Facebook data leak. This time an unsecured database containing the phone numbers of nearly 420 million Facebook users has been found online. Facebook (of course) says no accounts have been compromised as a result of the exposure.
TechCrunch reports security researcher Sanyam Jain discovered a server that contained the phone numbers and in some cases the names and locations of Facebook users. Jain was unable to find the owner of the server, so he told TechCrunch about it. The publication then cross-checked the data against known Facebook profile and matched numbers against Facebook’s password reset feature.
While the database is no longer online, when it was, the server it was on was left unprotected, needing no password to access it. That means anyone could access the database containing the records of user IDs and phone numbers.
TechCrunch says the records of around 133 million U.S. Facebook users were included in the database, as was information related to 18 million UK users and more than 50 million users in Vietnam.
Facebook spokesman Jay Nancarrow said the data had been escaped prior to the social network’s shutting down the feature that allowed users to search for friends via their phone number. The tool was disabled in the wake of the Cambridge Analytica scandal.
“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” Nancarrow said. “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.”
The revelation of the leak is just the latest in a long line of Facebook security F-ups affecting its users’ privacy. In addition to the Cambridge Analytica, a 2018 security breach was revealed that affected 30 million accounts, and in March of this year, it was revealed that hundreds of millions of unencrypted accounts passwords were stored on servers.