Facebook’s latest security lapse exposes millions of user phone numbers and more

Facebook’s latest privacy lapse has exposed over 400 million user records on a server that wasn’t protected with a password. TechCrunch reports today that each record contained a user’s Facebook ID and the phone number linked to their account.

The server included records across several databases, including 133 million records for US Facebook users, as well as records for 18 million UK users and over 50 million users in Vietnam.

Each record included a user’s Facebook ID, which TechCrunch describes as a “long, unique, and public number associated” with Facebook accounts. That ID can then be used to figure out an account’s username. Each record also contained a user’s phone number, and in some instances name, gender, and location by country.

TechCrunch verified a number of records in the database by matching a known Facebook user’s phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook’s own password reset feature, which can be used to partially reveal a user’s phone number linked to their account.

Most notably, phone numbers have not been public on Facebook for more than a year, since the company changed its policy. That is why it matters that over 400 million records with phone numbers were left unprotected.

In a statement, a Facebook spokesperson said the dataset is “old” and has information from before the company’s policy change related to phone numbers:

“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” the spokesperson said. “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.”

Facebook has had a rough history with user phone numbers. Over the last year, the company has faced a pair of controversies over how it used phone numbers users had provided for two-factor authentication purposes.


Author

Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.
