A Facebook failure caused the phone numbers of millions of users to be exposed on the internet. The data was stored in several databases present on a server without a password and could be accessed by anyone.
The existence of the server was revealed by TechCrunch, who received information from security researcher Sanyam Jain. According to the website, the server had 419 million records with the phone number and an identification code, which can be used to discover the users’ names.
Of the total, 133 million records were from users in the United States. Another 18 million came from the United Kingdom and 50 million from Vietnam. In some cases, in addition to the phone number, the server had the user’s name, gender and country.
O TechCrunch says it confirmed several records from known phone numbers and that the data appears to have been sent to the server in August. This does not mean, however, that they have been collected recently. The information went offline after the site contacted those responsible for the server.
Facebook says the records were collected before its method of recovering accounts by email or phone number was discontinued. With it, anyone with one of these data had access to another user’s name. The solution was closed after the Cambridge Analytica case.
“This data set is old and appears to have information obtained before we made changes last year to remove the ability for people to find others using their phone numbers,” says Facebook, CNET.
“The data set was taken offline and we saw no evidence that Facebook accounts were compromised,” he added. The company says it is reviewing the records and that the total number drops to 200 million users without duplicates.