A recent Sophos article by John E Dunn reported the following:
A researcher has stumbled on a publicly exposed database containing the telephone numbers of hundreds of millions of Facebook users.
According to TechCrunch, Sanyam Jain of research non-profit the GDI Foundation recently found the unprotected database containing 419 million user records on a web host.
He wasn’t able to identify who put it there, but the recently exposed records contained each user’s unique Facebook ID along with their mobile or mainline phone number.
After TechCrunch checked the records, some contained users’ name, gender and location. The countries which appeared most often in the data were the US with 133 million numbers, Vietnam with 50 million, and the UK with 18 million.
Facebook later confirmed the breach, claiming to The Guardian that once duplicate records were removed, the total number of users in the database was 210 million.
According to Facebook’s Jay Nancarrow, the database appeared to have been ‘scraped’ before privacy changes implemented in 2018:
“This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers.”
The data was now no longer accessible, and it was still investigating who might have collected it. The company had seen no evidence it had been used to compromise accounts, he added.