Huge Facebook leak exposes 400 MILLION users’ phone numbers in latest privacy lapse
Phone numbers linked to more than 400 million Facebook accounts have been posted online in the latest security disaster for the firm.
According to TechCrunch, 133 million US accounts, more than 50 million in Vietnam, and 18 million in Britain were among 419 million records left in an open online server that was not secured with a password.
Facebook has confirmed the report, but said the total number is likely to be around half because of duplicate entries.
This latest issue is thought to be from publicly available information previously used to allow people to search for others by using their phone number, which was disabled in April 2018 in response to the Cambridge Analytica scandal.
It is claimed that the server listed some accounts and their geographical locations, with a user’s unique Facebook ID stored alongside their phone number, as well as their gender.
An exposed server stored 419 million records on users across several databases. Included 133 million US accounts, more than 50 million in Vietnam, and 18 million in Britain (stock)
The server was not password protected, meaning anyone could access the databases.
It remained online until late Wednesday when TechCrunch contacted the site’s host.
Facebook confirmed parts of the report but downplayed the extent of the exposure, saying that the number of accounts so far confirmed was around half of the reported 419 million.
It added that many of the entries were duplicates and that the data was old.
‘The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised,’ a Facebook spokesperson told AFP.
Following the 2018 Cambridge Analytica scandal, when a firm used Facebook’s lax privacy settings to access millions of users’ personal details, the company disabled a feature that allowed users to search the platform by phone numbers.
The exposure of a user’s phone number leaves them vulnerable to spam calls, SIM-swapping – as recently happened to Twitter CEO Jack Dorsey – with hackers able to force-reset the passwords of the compromised accounts.
In July, the Federal Trade Commission announced that it had agreed a settlement with the social media giant which would see it pay a £4 billion fine and introduce a number of new audits into its business that would ensure privacy and data protection is in place.