Millions of Facebook users’ phone numbers were exposed in an open online database, the company confirmed.
More than 419m Facebook IDs and phone numbers were stored in an online server that was not password protected, TechCrunch reports. About 133m records for users in the US, 18m records for users in the UK and 50m records for users in Vietnam was mentioned by TechCrunch in their investigations.
The database was taken offline after TechCrunch contacted the web host.
Facebook have confirmed the report and said it was investigating when the database was compiled and why it had no password.
The records were likely gathered using a tool that Facebook disabled in April 2018 in the aftermath of the Cambridge Analytica controversy.
“Each record contained a user’s unique Facebook ID and the phone number listed on the account. A user’s Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account’s username.” TechCrunch wrote.
They verified a number of records in the database by matching a known Facebook user’s phone number against their listed Facebook ID.
Sanyam Jain, a security researcher and member of the GDI Foundation, found the database and contacted TechCrunch after he was unable to find the owner. After a review of the data, TechCrunch Techs also had trouble.
Sanyam said he found profiles with phone numbers associated with several celebrities.
No word on how many more Countries were potentially exposed, including Australia.