Database leak exposed phone numbers belonging to a huge number of Facebook members

 Posted on May 29, 2024  |  3 minutes  |  469 words  |  Abbie Anker
Facebook has continued to have issues with leaked customer data and today another serious leak surfaced. TechCrunch reports that hundreds of millions of Facebook subscribers had their phone numbers listed in a database that was left exposed. The server contained records on 419 million people including 133 million Facebook users in the states, 18 million in the U.K. and over 50 million residing in Vietnam. Each record not only contained the user's phone number, but also included their Facebook ID. The latter is public knowledge, so that part of the leak by itself isn't bad. But the listing of members' phone numbers in combination with the leaked Facebook IDs can be used to identify the names belonging to the phone numbers. That type of detective work isn't required for the unfortunate Facebook members who had their names already listed in the database along with their gender and the country they live in.

Some of the information that was found in an unlocked database containing personal data from Facebook members

The database was not protected by a password and the leaked phone numbers could have been used to make spam calls. Even worse, with a phone number that belongs to a wireless carrier, a bad actor could change the password and address of an unsuspecting victim's wireless account. That could allow the hacker to order some expensive phones, have them shipped to his address and leave the victim holding the bag. The leak was discovered by security researcher Sanyam Jain, who said that the database included the phone number of several celebrities.

49 million Instagram members had their personal data exposed earlier this year

Facebook, as you might imagine, played down the leak with a spokesperson stating that there is no evidence that Facebook accounts were compromised. The spokesperson did say that the information had been data scraped before Facebook last year eliminated access to members' phone numbers. Once TechCrunch spoke to the database's web host, the data was taken offline. It also was able to confirm the legitimacy of some of the leaked phone numbers.,

"This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The data set has been taken down and we have seen no evidence that Facebook accounts were compromised."-Jay Nancarrow, spokesperson, Facebook


Even if this was an accidental data breach and more of a human error without malicious intent, it highlights a security problem at Facebook that the company can't seem to wrap its arms around. You might recall that last October 30 million Facebook members' email addresses and phone numbers were found to be accessible to others. Half of those affected also had other information leaked such as their religious affiliation, relationship status, search history, and address.

ncG1vNJzZmivp6x7sbTOp5yaqpWjrm%2BvzqZmp52nqHyHrcKemainm2LCtLHRrGSpoJ%2Bjsm661KaZnqqjYrmmrcqem2annqG2r7G%2BoptqaWhrhnM%3D