Millions want to cut the power of big tech – join us:

Over the last seven days, Facebook has admitted that it’s impossible to stop Facebook using data to connect Facebook and Instagram accounts, admitted that a technical error resulted in its Messenger Kids app introducing kids to adult strangers, and reportedly sucked up Android user’s system libraries without consent. Now a new report is indicating that hundreds of millions of Facebook user’s phone numbers have been exposed online.

TechCrunch is reporting that security researcher Sanyam Jain found an exposed server which contained 419 million Facebook user’s phone number. The server wasn’t protected with a password which means that anyone could find and access the databases on the server.

According to TechCrunch, each record in the databases found on these servers contained the user’s Facebook ID and the phone number associated with that Facebook account. In total, the database reportedly contained records for:

TechCrunch adds that some of the records in the database also contained the users’:

  • Name
  • Gender
  • Location by country

Jain says some of the records  in this database contained the phone numbers of celebrities.

It’s unclear who scraped this data from Facebook or when it was scraped. The database was taken offline after TechCrunch contacted the web host.

When asked for comment, Facebook spokesperson Jay Nancarrow said:

“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.”

The exposure of these phone numbers is yet another incident that points to the inherent security risks associated with online services storing users’ phone numbers.

Earlier today, actress Chloë Grace Moretz’s had her Twitter account hacked after an apparent SIM swap. This was the latest in a series of Twitter hacks that appears to have been the result of SIM swapping – a technique where hackers trick carriers into transferring a target’s phone number to a SIM card that they control. Since this phone number is often used as an account recovery or verification tool by online service providers, once hackers have access to the phone number, they can use it to gain access to a target’s online accounts.

Become a supporter (it’s free)

Subscribe to our weekly Big Tech Watch insider newsletter and get all the NEWS and TOOLS you need to push back against tech giants and RECLAIM your digital liberty.

You email address will be used to send you newsletter updates.  Your email address will not be sold to third parties. Unsubscribe at any time. You can view our Privacy Policy here.