Facebook left huge database of users’ phone numbers exposed

By

Facebook faces antitrust investigation.
Oh look! Another Facebook data leak.
Photo: Ste Smith/Cult of Mac

A Facebook server containing hundreds of millions of users’ phone numbers was left completely exposed to potential attackers, according to a new report.

The data linked each phone number to a user’s unique Facebook ID, potentially exposing personal information that could be used against victims. Some of the records also contained the person’s name, gender and country.

Techcrunch took a look at the data and confirmed you could match a known Facebook user’s phone number to their public Facebook ID. Facebook says it has already taken down the server and claims there is no evidence that it was compromised. However, considering Facebook’s troublesome past with data leaks, there’s some room to be skeptical.

facebook
An example of the data sets on the exposed server.
Photo: Techcrunch

Over 419 million records were stored on the exposed server. 133 million records were for US-based Facebook users. 18 million UK users were exposed while 50 million Vietnamese phone numbers were found on the server.

Last year, Facebook suffered its biggest data breach ever when data from hundreds of millions of accounts were exposed. Apple used the Facebook fiasco as a way to promote its own privacy policies which earned a few snide remarks from Mark Zuckerberg. Apple recently got hit with its own Siri privacy scandal though.

GDI Foundation security researcher Sanyam Jain was the first person to find the database. He told Techcrunch that he found profiles and phone numbers associated with celebrities. Even if the server was accessed by a nefarious party, there isn’t much exposed users can do other than change their phone number, which isn’t all that convenient.