419 million Facebook users’ phone numbers have been sitting unprotected on a server – meaning that anyone who found it could have accessed this data.
TechCrunch reports that each record on the server included the users’ public Facebook IDs and the phone numbers linked to the users’ accounts.
Facebook IDs can easily be used to work out the account’s username – meaning that it was easy for anyone who accessed the server to connect specific users to their phone numbers.
The exposed server was discovered by security researcher Sanyam Jain, who said that he was able to find the profiles and phone numbers of numerous celebrities.
In response, Facebook spokesperson Jay Nancarrow said the data had been scraped from Facebook before the company cut access to user phone numbers.
“The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”