Phone numbers for as many as 419 million Facebook users were reportedly found sitting online in a file where anybody could have found them
- Phone numbers linked to over 400 million Facebook accounts were recently found on an online server that was not password-protected, according to a TechCrunch report on Wednesday.
- That information, according to the report, included users' Facebook IDs (which are strings of numbers used by the company to uniquely identify an account) and the associated phone number for each account.
- Some records also included the user's name, gender, and country in which they resided.
- The issue, a Facebook spokesperson told Business Insider on Wednesday, stemmed from a feature, which has since been shut down, that allowed users to search for friends by their phone numbers. Third parties could have used that feature to harvest the information.
- The databases have since been pulled offline after the web host was contacted, TechCrunch said.
Facebook told Business Insider that there was no evidence that any users had their accounts compromised and that the number of affected users was likely around half of what TechCrunch reported, as its team analyzed the data set and found duplicate records. Facebook would not put an exact number to the users it estimated to be affected by the exposure, but half of the reported number would be around 200 million users.
The database was brought to TechCrunch's attention by a security researcher, who discovered the information sitting in plaintext - meaning it wasn't encrypted at all. This information appears to have been gathered by a third party, who left it exposed to the internet. The database was taken offline after the web host was contacted, TechCrunch said.
The information in question, according to the report, included users' Facebook IDs - which are strings of numbers used by the company to uniquely identify an account - and the associated phone number for each account. Some records are said to have included the user's name, gender, and country in which they resided.
TechCrunch reported that 133 million of the 419 million records discovered on the server were associated with American users.
The issue, a Facebook spokesperson told Business Insider on Wednesday, stemmed from a feature, which has since been shut down, that allowed users to search for friends by their phone numbers. Facebook said malicious actors were able to use this feature to scrape information, including phone numbers, from users' accounts.
Facebook shut down the ability to search for friends by phone number in April 2018.
"This dataset is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers," a Facebook spokesperson told Business Insider. "The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised. The underlying issue was addressed as part of a Newsroom post on April 4th 2018 by Facebook's Chief Technology Officer."
The finding is the latest example of data-protection issues surrounding the social-networking giant. Just last month, Business Insider's Rob Price reported that Facebook was launching a review of hundreds of marketing and advertising firms amid indications of widespread misuse of Instagram user data, including data scraping of users' public data without their consent.