Password-Less Server Leaked Facebook IDs and Phone Numbers

Image containing the words “data breach”

A server found without a password contained over 419 million database records of Facebook users in the U.S., U.K. and Vietnam (via TechCrunch).

Data Leak

Security researcher Sanyam Jain found the database. Each record contained a unique Facebook ID and the phone number for that person’s account. There were 133 million records from the United States, 18 million in the U.K., and 50 million in Vietnam. Because the server wasn’t password-protected anyone could have found it before it was taken offline.

database with phone numbers
A record from the database. Credit: TechCrunch

Facebook spokesperson Jay Nancarrow told TechCrunch that the data was collected before Facebook made phone numbers private over a year ago.

This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.

Researchers don’t know who created the database or when it was created.

Further Reading:

[iOS 11: How to Delete Incorrect Website Passwords]

[How to Permanently Delete Your Facebook Account]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.