Thursday 5 September 2019 11:55 am

Huge Facebook data leak exposes phone numbers of 419m users

Phone numbers linked to the accounts of more than 419m Facebook users have been exposed in the tech giant’s latest data breach.

Databases relating to 133m US Facebook accounts, 50m accounts in Vietnam and 18m UK accounts were found on a server that was not secured by a password, Techcrunch reported.

Read more: Facebook’s Libra proposals could undermine monetary powers, ECB warns

In addition to phone numbers, each record also contained the person’s Facebook ID, which can be used to discern their username.

Some of the records also listed the user’s name, gender and location by country, according to the report. The databases have since been taken down.

Facebook admitted the existence of the datasets, but said much of the data was duplicated and the number of accounts affected was closer to half of the reported 419m figure.

“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” a Facebook spokesperson said.

“The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.”

The information cache, which was discovered by a security researcher, is the latest data breach to hit the social media behemoth.

The Silicon Valley firm has admitted to a series of data leaks across its Facebook and Instagram platforms, as well as security flaws in its Whatsapp messaging service.

Facebook has come under increased scrutiny from regulators in both the UK and the US since the Cambridge Analytica scandal, when data belonging to more than 80m profiles was misused for political advertising.

Joseph Carson, chief security scientist at software company Thycotic, accused Facebook of trying to “reduce accountability by stating that the data is old”.

Read more: Facebook risks hit to advertising revenue as it unveils new privacy feature

“However, this does not make any difference when such data does not change meaning that while old, it is very likely to be still accurate and valid,” he said.

Eoin Keary, chief executive and co-founder of cybersecurity firm Edgescan, said: “The root cause of this issue is lack or procedure in relation to tracking digital assets and applying the appropriate security.”

Main image credit: Getty