According to a report by TechCrunch, over 419 million phone numbers linked to Facebook accounts have been found online on an exposed server that contained records over several databases on users from various regions. And since the server wasn’t password-protected, anyone could access the database.
Sanyam Jain, a security researcher and member of the GDI Foundation, found the database and contacted TechCrunch after he was unable to find the owner.
The server contained 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and more than 50 million records on Facebook users in Vietnam.
Each record contained a user’s unique Facebook ID and the phone number listed on the account. Moreover, some of the records also had the user’s name, gender, and location by country. But since Facebook has now restricted access to users’ phone numbers, the exposed phone numbers have not been public for over a year.
TechCrunch verified a number of records in the database by matching a known Facebook user’s phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook’s own password reset feature, which can be used to partially reveal a user’s phone number linked to their account.
Meanwhile, Facebook spokesperson Jay Nancarrow told the source that the data had been scraped before Facebook cut off access to user phone numbers.