Facebook blunder: phone numbers of over 60% of US users exposed online

Yet another privacy blunder from Facebook.


Over the last seven days, Facebook has admitted that it’s impossible to stop Facebook using data to connect Facebook and Instagram accounts, admitted that a technical error resulted in its Messenger Kids app introducing kids to adult strangers, and reportedly sucked up Android users’ system libraries without consent. Now a new report indicates that hundreds of millions of Facebook users’ phone numbers have been exposed online.

TechCrunch is reporting that security researcher Sanyam Jain found an exposed server that contained the phone numbers of 419 million Facebook users. The server wasn’t protected with a password, which means that anyone could find and access the databases on the server.

According to TechCrunch, each record in the databases found on these servers contained the user’s Facebook ID and the phone number associated with that Facebook account. In total, the database reportedly contained records for:

TechCrunch adds that some of the records in the database also contained the users’:

  • Name
  • Gender
  • Location by country

Jain says some of the records in this database contained the phone numbers of celebrities.

It’s unclear who scraped this data from Facebook or when it was scraped. The database was taken offline after TechCrunch contacted the web host.

When asked for comment, Facebook spokesperson Jay Nancarrow said:

“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.”

The exposure of these phone numbers is yet another incident that points to the inherent security risks associated with online services storing users’ phone numbers.

Earlier today, actress Chloë Grace Moretz had her Twitter account hacked after an apparent SIM swap. This was the latest in a series of Twitter hacks that appear to have been the result of SIM swapping – a technique where hackers trick carriers into transferring a target’s phone number to a SIM card that they control. Since this phone number is often used as an account recovery or verification tool by online service providers, once hackers have access to the phone number, they can use it to gain access to a target’s online accounts.


Tom Parker

Tom Parker is a head contributor for Reclaim The Net and provides news and analysis on how we can promote free speech, stop censorship, and protect our personal data online.