Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam. But because the server was not protected with a password, anyone could find and access the database.
This is the latest security lapse involving Facebook data after a string of incidents since the Cambridge Analytica scandal, which saw more than 80 million profiles scraped to help identify swing voters in the 2016 U.S. presidential election.
This incident exposed millions of users’ phone numbers just from their Facebook IDs, putting them at risk of spam calls and SIM-swapping attacks. Sanyam Jain, a security researcher and member of the GDI Foundation, found the database. Facebook spokesperson Jay Nancarrow said the data had been scraped before Facebook cut off access to user phone numbers.