Hundreds of millions of phone numbers associated with Facebook accounts were found online in a database. Left unprotected, the server hosted different databases belonging to users living in different countries.
The server had 419 million records in total, including 133 million records from US Facebook users, 18 million for users in the UK, and 50 million for users in Vietnam. Since the server is not even protected by a password, access to these databases can be easily accessed by anyone.
Each record in the database includes a user’s Facebook ID and the phone number in the account. Associating users’ unique Facebook ID with phone numbers makes it easy to identify the user, even if the account name changes.
When we consider that Facebook has blocked access to users’ phone numbers for more than a year, we may assume that this database was implemented a long time ago. Facebook official Jay Nancarrow’s statement supports this idea.
Nancarrow said in a statement that the data was obtained before Facebook blocked access to phone numbers, adding that there was no evidence that facebook accounts had been compromised.
The phone numbers that are associated with the Facebook IDs listed in the checks have been verified. Other records were also checked by matching phone numbers to Facebook’s password reset feature, which can be used to partially show a user’s phone number linked to their account.
In the meantime, some records include the names, genders and country of users. It’s also worth noting that users may be exposed to spam searches, scams, and SIM-switching attacks through the information in the database. he had encountered an attack.
This massive database was found by security researcher Sanyam Jain, a member of the GDI Foundation. Jain said he could not find out who the database belonged to, but said he found celebrity profiles and phone numbers in the database. The data was removed from the Internet after contacting the owner of the server where the database is located.