Over 400M Facebook User Phone Numbers Exposed

September 06, 2019
Over 400M Facebook User Phone Numbers Exposed

The phone numbers were discovered on a server without password protection so anyone could view them. 133 million are for US Facebook users.

Facebook may be giving privacy a try, but it clearly isn't working too well after 419 million Facebook user phone numbers were discovered on an unprotected server.

As TechCrunch reports, the numbers were collected for a feature Facebook shut down last year that allowed users to find friends by entering their phone number. The server containing them had the data split across several databases and no password protection was in place meaning they were accessible by anyone.

In total, 133 million of the numbers are for US Facebook users, 18 million are for users in the UK, and 50 million for users in Vietnam. Each number is stored with a unique Facebook ID making it relatively easy to link them to a Facebook username.
According to Facebook spokesperson Jay Nancarrow, this is actually old data, "This data set is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers ... The data set has been taken down and we have seen no evidence that Facebook accounts were compromised."

Even if the data is old, it's no less relevant to the people who still use these phone numbers. The server had the phone number records added last month, meaning someone is still sharing and therefore using the data. Having your phone number exposed in this way could at the very least lead to spam calls and at worst allow an attacker to reset account passwords and take control of internet-based services.

Facebook holds a treasure trove of user phone numbers on its database and doesn't have a great track record when it comes to protecting them. You may remember back in March it was discovered Facebook won't allow users to opt-out of having their phone number used to look them up. The default account setting for who can look you up using a phone number is "Everyone." It's up to users to restrict Facebook's access to your number.

Any video from Facebook you can always download the application.


Leave a Reply

Your email address will not be published.