Millions of phone numbers associated with Facebook accounts have been discovered in an exposed database.
A server that wasn’t protected by a password was found to contain over 419 million records from Facebook users worldwide: 133 million U.S. records, 18 million U.K. records, and more than 50 million records from Vietnam, TechCrunch reports.
The records reportedly contained users’ Facebook IDs and the phone number associated with each person’s account. Some records even had users’ names, gender, and location.
Facebook responded to last year’s Cambridge Analytica incident by disabling the phone number feature that allowed people to use another person’s phone number to find them on Facebook.
Facebook said on Wednesday that the data found on the exposed server was old data from before the phone number feature was disabled.
“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” a Facebook spokesperson told Digital Trends. “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised. The underlying issue was addressed as part of a Newsroom post on April 4th 2018 by Facebook’s Chief Technology Officer.”
In that post, Facebook chief technology officer Mike Schroepfer wrote that the phone number feature had often been abused.
“…Malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery,” he wrote. “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way.”
Schroepfer also promised that changes to private data would “better protect people’s information while still enabling developers to create useful experiences.”
TechCrunch said it contacted the web host of the database, and the database has since been pulled offline.
Facebook came under fire in July for deceptive practices in collecting users’ phone numbers for a security feature and also using them for advertising purposes. Facebook was fined a record-breaking $5 billion by the Federal Trade Commission (FTC) for a slew of violations of a 2012 settlement, including the deceptive phone practices.