Another Security Breach! Phone numbers of 419 million people exposed in latest Facebook leak


Facebook is in soup again. In a latest breach, phone numbers of hundreds of millions of people associated with their Facebook profiles have been found on a database that is openly accessible to the people. The exposed database contains a total of 419 million records of Facebook account holders spread across geographies.

The exposed accounts includes 133 million records of Facebook users based in the United States, 18 million records of users based in the United Kingdom and more than 50 million records of users based in Vietnam, TechCrunch reported. This means that if you are living in India, your data was most likely not affected by this breach. The database was taken offline after the publication contacted the web host regarding the matter.

Also Read:

The records were most likely amassed using a tool that the social media giant disabled almost a year back in the wake of the Cambridge Analytica debacle wherein personal profiles of nearly 87 million Facebook users were harvested without their consent. The company had addressed this issue — wherein Facebook users could use people’s phone number to find them — in a blog post dating back to April 4, 2019.

“Malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature,” Facebook’s chief technology officer, Mike Schroepfer had written in a blog post at the time.

“This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers…The data set has been taken down and we have seen no evidence that Facebook accounts were compromised,” a Facebook spokesperson said in a statement to the US based media channels confirming the breach.