The social network may have inadvertently exposed millions of phone numbers related to people’s Facebook accounts, according to a report on TechCrunch.
The online publication says that an exposed server found online “contained over 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.” TechCrunch added that, absent password protections, anyone could access the data.
Do you need to buy a new iPhone? A new iPhone is coming. But no, you don’t really have to pay new-phone prices
Facebook issued a statement to USA TODAY in which it said, “This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.”
Those changes were addressed as part of a Facebook newsroom post on April 4, 2018, by the company’s Chief Technology Officer Mike Schroepfer in the aftermath of the Cambridge Analytica scandal, the political ad marketing firm that worked for President Trump and was involved in the misappropriation of 87 million Facebook users’ data.
“Until today, people could enter another person’s phone number or email address into Facebook search to help find them. This has been especially useful for finding your friends in languages which take more effort to type out a full name, or where many people have the same name,” Schroepfer wrote at the time. “However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature.”
Facebook also believes that, because of numerous duplicates, the total number of phone numbers found online more likely amount to about half of the total number TechCrunch reported – still, obviously a large sum.
TechCrunch indicated that it verified a number of records in the database by matching a known Facebook user’s phone number against their listed Facebook ID, and that some records also included the user’s name, gender, and location by country.
Before it was taken down, the database was discovered by a security researcher Sanyam Jain, who then contacted TechCrunch. Jain said that he found profiles associated with celebrities.
Still unknown is who might have scraped the data.
Facebook has been hit by a series of privacy and data scandals. In July, the company was fined $5 biliion by the Federal Trade Commission, for violating consumers’ privacy rights.