Sanyam Jain, a security researcher at The Hague-based non-profit organization GDI Foundation, has discovered a massive database containing over 419 million phone numbers of Facebook users on an unsecured server, available for anyone to access.
The database included 133 million records of US-based Facebook users, 18 million records of users in the United Kingdom, and more than 50 million of users in Vietnam, TechCrunch reported on Wednesday.
According to Jain, he found profiles with phone numbers associated with several celebrities.
“Jain… found the database and contacted TechCrunch after he was unable to find the owner. After a review of the data, neither could we. But after we contacted the web host, the database was pulled offline,” said the report.
This latest data breach exposed millions of users’ phone numbers just from their Facebook IDs, putting them at risk of spam calls and ‘SIM-swapping’ or ‘SIM jacking’ where a mobile number is transferred to a new SIM card.
“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” a Facebook spokesperson was quoted as saying by the technology news website Engadget.
After the web host was contacted, the Facebook users’ database was pulled offline.
Some of the records also had the user’s name, sex, and location by country.
There have been several incidents after the Cambridge Analytica episode involving 87 million users where Facebook acknowledged a series of privacy lapses, including the latest admission that it mishandled millions of users’ passwords on Instagram and “unintentionally” uploaded emails of nearly 1.5 million of its new users.