On Wednesday, it was reported that over 400 million Facebook users’ phone numbers were exposed online via an unprotected server. The databases containing these records were subsequently taken offline and Facebook later claimed that the databases contained duplicate records and that the information of around 210 million users was exposed. Now a new report from CNET is indicating that these exposed records are back online in another unsecured cloud server.
Each record from the original exposed database contained a phone number and an associated Facebook ID. Some records also contained the name, gender, and location by country of the Facebook user.
CNET spoke to the cybersecurity researcher Elliot Murray who says that he found a live, unsecured database containing “almost certainly the same data” that was found in the database of exposed Facebook records that was previously taken down. Murray says he was able to match multiple known phone numbers of Facebook users to the names listed in this database.
Facebook declined to comment on this latest report. When responding to reports of the original exposed database, Facebook said: “We have seen no evidence that Facebook accounts were compromised.”
The reports of these records re-emerging online comes after numerous recent privacy blunders from Facebook. At the end of last month, a researcher reported that Facebook’s Android app was sucking up system libraries without user permission. During the same month, Facebook admitted that unlinking Facebook and Instagram accounts isn’t actually possible because Facebook’s underlying infrastructure automatically connects information about users across its service. And before this, Facebook admitted that its Messenger Kids app was introducing children to adult strangers because of a technical error.