Over 400M Facebook Users’ Records Exposed Online


A security researcher has found an exposed server containing hundreds of millions of phone numbers linked to Facebook accounts, TechCrunch reported Wednesday (Sept. 4).

Sanyam Jain, a security researcher and member of the GDI Foundation, found more than 419 million records spread over several databases on the server, including 133 million records on U.S.-based Facebook users, 18 million records on users in the U.K., and another database with more than 50 million records on users in Vietnam.

The server wasn’t protected with a password, and Jain contacted TechCrunch after he was unable to find the server’s owner.

Each record contained a user’s unique Facebook identification, as well as the phone number on the account. Jain revealed he found a number of accounts belonging to celebrities, and TechCrunch was able to verify a number of records in the database by matching a known Facebook user’s phone number against their listed Facebook ID. Some of the records also had the user’s name, gender and location by country.

“This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” Facebook spokesperson Jay Nancarrow said. “The data set has been taken down, and we have seen no evidence that Facebook accounts were compromised.”

This is just the latest security issue for the social media giant, whose reputation was most notably tarnished by the Cambridge Analytica scandal, in which more than 80 million profiles were scraped to help President Donald Trump get elected in 2016. Since then, the company has also been hit with additional scraping incidents, including one that impacted Instagram.

In April, the company also admitted it might have “unintentionally uploaded” the email contacts of 1.5 million new users since May 2016. Facebook said it stopped offering email password verification as an option for first-time signups in March. However, there were cases of people’s email contacts being uploaded to Facebook when accounts were created.

“We estimate that up to 1.5 million people’s email contacts may have been uploaded,” Facebook said at the time. “These contacts were not shared with anyone and we are deleting them.”


