Fars News Agency – A massive unsecured database containing hundreds of millions of phone numbers and other information linked to Facebook accounts was discovered online, TechCrunch reported on Wednesday.
Each record in the database included a phone number along with an identifier that could easily be linked to a specific Facebook account. Some of the records even included the user’s name and gender. TechCrunch reported that the exposed records included information on 133 million US users, more than 50 million Vietnamese users and 18 million UK users.
A Facebook official who insisted on speaking on background said the company found that many of the records were duplicative and estimated that the actual number of users exposed was about half of what TechCrunch reported.
The website reported that it had been alerted to the database by cybersecurity researcher Sanyam Jain. Neither Jain nor the outlet could determine the owner of the database. After the database’s web host was alerted, the information was taken down.
“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” a Facebook spokesman stated in a statement, adding, “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.” The records were likely scraped from Facebook before the company eliminated a feature that allowed users to be searchable by their phone numbers.
In April 2018, Facebook announced in a blog post that it had discovered “malicious actors” had taken advantage of the feature. “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way,” the blog post read.