Millions of Facebook users' phone numbers leaked online: Details here
Another day, another critical security lapse at Facebook! A new report from TechCrunch has revealed that hundreds of millions of phone numbers linked to Facebook accounts have been leaked online. They were exposed on a public server, waiting openly to be discovered and perhaps even misused by a threat actor. Here's all about the leak.
Database with over 419 million entries discovered
Just recently, a security researcher by the name of Sanyam Jain found the server containing Facebook-linked phone numbers and reported the matter to TechCrunch. The outlet then verified the claim and found that the database indeed carried more than 419 million entries. These records had Facebook IDs, a long public number unique to every Facebook account, and phone numbers associated with them.
User nationality, gender also revealed in the database
Along with the phone numbers, the leaked database also mentioned the country of the user as well as their gender. It didn't mention names (in most cases) but one can figure that out easily by using the number and any publicly-available called ID program. To note, Jain even claimed that some of the numbers found in the database were linked to celebrity accounts.
Data scraped before rules regarding number access were changed: Facebook
While the issue raises major concerns over Facebook's data security practices, the social network has clarified that the information appears to have been scraped before it changed rules regarding number access. "This data set is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers," a company spokesperson claimed.
No word on who uploaded this data
Even though this is old information, it remains unclear who obtained this data and how. Plus, there is also no way to say if anyone else accessed the open database before Jain. The information was uploaded late last month, but the good news is, it has now been taken offline by the web host.
