A server found without a password contained over 419 million database records of Facebook users in the U.S., U.K. and Vietnam (via TechCrunch).
Security researcher Sanyam Jain found the database. Each record contained a unique Facebook ID and the phone number for that person’s account. There were 133 million records from the United States, 18 million in the U.K., and 50 million in Vietnam. Because the server wasn’t password-protected anyone could have found it before it was taken offline.
Facebook spokesperson Jay Nancarrow told TechCrunch that the data was collected before Facebook made phone numbers private over a year ago.
This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.
Researchers don’t know who created the database or when it was created.