Facebook confirms millions of phone numbers leaked

Facebook has confirmed reports that hundreds of millions of user phone numbers have been discovered in an unprotected server.

The server, containing over 419 million records over several databases, was discovered by security researchers at the GDI Foundation, which detailed the findings to TechCrunch.

The exposed records, which appear to have been scraped from Facebook, included phone numbers and other user records for 133 million US accounts as well as tens of millions of overseas accounts.

Each record contained a user’s unique Facebook ID — which can be used to discern an account’s username, as well as in some cases, a user’s name, gender and location within a country.

The researchers found profiles with phone numbers associated with several celebrities.

In a statement Facebook confirmed the researchers’ findings, but said the data is old and has now been taken down, and that there is no evidence that any accounts were compromised. But the company has asserted that the server instead contained around 220 million records.

In April 2018, Facebook announced it had removed the ability to use another individual’s phone number or email address to help find their profiles.

At the time, CTO Mike Schroepfer said malicious actors had been using the feature to scrape public profile information by using purloined phone numbers or email addresses.

“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped this way,” he said.

The discovery marks the latest security black eye for Facebook, and could leave the company in even more hot water with global regulators that have already been investigating the company over its role in the Cambridge Analytica data harvesting scandal.

Image credit: ©stock.adobe.com/au/peshkova