Hundreds of millions of phone numbers from Facebook users’ accounts have been found stored online, putting more pressure on the social network’s already questionable reputation for security.
The server was found to contain almost half a million records on multiple databases across the world, including 50 million in Vietnam, 18 million in the UK and 133 million in the US.
Almost anyone with a modicum of technical know-how could have accessed the databases on the server, as they were not password protected.
TechCrunch was alerted to the security flaw by Sanyam Jain, a security researcher and member of the GDI Foundation. They checked known phone numbers against those found in the exposed records to confirm their legitimacy. The records were also said to contain each user’s Facebook ID, which is freely available on the site, linked to the phone number.
Last April, in a Newsroom post, Facebook announced that access to phone numbers on accounts was restricted, and that users could no longer search for a profile in this way. The phone numbers were also used for account recovery.
Mike Schroepfer, Chief Technology Officer at Facebook, said: “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped…So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.”
According to TechCrunch, a number of the records also contained the user’s location, gender and name. While the data is not thought to be new, it has recently been placed in these databases, adding even more confusion to an already bizarre, and worrying, situation.
This is the latest in a string of data security scandals in which Facebook seems constantly mired. Last year they were embroiled in the Cambridge Analytica fiasco, in which the data of 87 million users was harvested. They also came under fire recently for admitting to transcribing audio chats.
A Facebook spokesperson said: “The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”