More than 419 million users had personal information exposed by a Facebook server breach found online. The leak in question was found by a massive database of phone numbers and their associated Facebook profiles being detected online without any password protection.
This embarrassing gaffe is hardly the first for Facebook, who had a similarly appalling data breach in 2016 with the Cambridge Analytica scandal, in addition to numerous others in the years since.
Somehow, data including phone numbers, some location information, and Facebook IDs were scraped from the site and stored on a database online. This database could be accessed by anyone and didn’t require a password. Due to the phone numbers included alongside the Facebook IDs, it would be a simple task to find out the phone number of any Facebook user affected by the breach.
Troublingly, this means that not only are people’s phone numbers exposed, but their number’s connection to a Facebook profile is also exposed. This means that it is that much easier for an identity thief or con artist to triangulate your online identity and attempt to run a grift using your info.
According to a Facebook spokesperson named Jay Nancarrow, this data was likely scraped from the site before Facebook stopped allowing developers to access user phone numbers. “This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” says Nancarrow.
“The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.” However, this doesn’t explain who scraped the data, why they had access to it, and what exactly it was being used for. In light of the numerous data breaches from Facebook over the years, this news is more than a little troubling.
Phone numbers connected to Facebook IDs are a serious problem to have just floating around the internet. Facebook IDs also include harvested data such as ad preferences, age, gender, ethnicity, and location.
This means that targeted spam phone calls and identity theft become that much more likely with phone numbers out in the open. This is just another in a long string of high-profile Facebook data breaches.