Skip to main content

Millions of phone numbers linked to Facebook found in exposed database

Millions of phone numbers associated with Facebook accounts have been discovered in an exposed database.

A server that wasn’t protected by a password was found to contain over 419 million records from Facebook users worldwide: 133 million U.S. records, 18 million U.K. records, and more than 50 million records from Vietnam, TechCrunch reports.

The records reportedly contained users’ Facebook IDs and the phone number associated with each person’s account. Some records even had users’ names, gender, and location. 

Facebook responded to last year’s Cambridge Analytica incident by disabling the phone number feature that allowed people to use another person’s phone number to find them on Facebook. 

Facebook said on Wednesday that the data found on the exposed server was old data from before the phone number feature was disabled. 

“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” a Facebook spokesperson told Digital Trends. “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised. The underlying issue was addressed as part of a Newsroom post on April 4th 2018 by Facebook’s Chief Technology Officer.

In that post, Facebook chief technology officer Mike Schroepfer wrote that the phone number feature had often been abused.

“…Malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery,” he wrote. “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way.”

Schroepfer also promised that changes to private data would ” better protect people’s information while still enabling developers to create useful experiences.”

TechCrunch said they contacted the web host of the database and it has since been pulled offline. 

Facebook came under fire in July for using deceptive practices when collecting users phone numbers for a security feature, which included advertising purposes. Facebook was fined a record-breaking $5 billion by the Federal Trade Commission (FTC) for a slew of violations from a 2012 settlement that included the deceptive phone practices. 

Editors' Recommendations

Allison Matyus
Former Digital Trends Contributor
Allison Matyus is a general news reporter at Digital Trends. She covers any and all tech news, including issues around social…
Facebook buys popular GIF platform Giphy for $400 million
Facebook buys Giphy

Facebook has purchased the GIF platform Giphy for a reported $400 million.

Facebook announced that Giphy's library of content will soon be further integrated into Instagram and the company's other apps.

Read more
Facebook will reportedly pay $52 million to employees who suffered PTSD
facebook home gallery 1

Facebook has reportedly agreed to pay its content moderator employees $52 million as part of a settlement over a lawsuit filed by workers who suffered mental health issues as a result of their jobs. 

The social media giant will pay a minimum of $1,000 to 11,250 content moderators who developed issues such as post-traumatic stress disorder because of the stressful job of moderating graphic and disturbing content on Facebook, according to The Verge. 

Read more
Facebook takes down misinformation networks linked to QAnon
mark zuckerberg speaking in front of giant digital lock

Facebook removed hundreds of accounts and pages involved in manipulating public debate, many based out of Russia and Iran, in April, the company announced on Tuesday, May 5.

Domestic accounts in the U.S. linked to QAnon conspiracy theorists were also removed as part of Facebook's latest salvo against misinformation, according to the latest Coordinated Inauthentic Behavior Report.

Read more