It seems as if as soon as Facebook recovers from one controversy it finds itself in another. Case in point – this week it was discovered that some 419 million phone numbers belonging to Facebook users were discovered online.
The discovery was made earlier this week by a security researcher Sanyam Jain who alerted TechCrunch to the existence of a database containing user data. According to reports the database was sitting online on an unprotected server.
Once the database was found visitors would find Facebook IDs and phone numbers listed alongside those IDs. Using these IDs as well as the phone numbers, it becomes trivial to identify people.
TechCrunch went on to verify that the data was legitimate and was successful in doing so but was told by Facebook that the data was rather old.
“This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone number,” Facebook spokesperson Jay Nancarrow told TechCrunch.
The spokesperson added that the data set had been taken down and that Facebook had seen no evidence that accounts were compromised as a result of this data.
What Facebook can’t tell us right now, however, is who compiled it or when this data was compiled. Last year Facebook made the decision to make phone numbers private by default so it’s likely this data was scrapped before that policy went into effect. It’s also likely that this database was available without protection because of human error.
TechCrunch reported that of the 419 million records, 133 million are US based, 18 million are in the UK and 50 million contain data from users in Vietnam.
Of course this is not the first time a profile firm has left user data exposed online for anybody to grab and we’re sure this won’t be the last time.