The data was stored on a server that wasn't even password-protected.

Sieve Vicious

Another day, another massive Facebook leak.

More than 419 million database records about hundreds of millions of Facebook users, including their personal phone numbers, were stored in an unprotected server, according to TechCrunch. That means anybody could've easily accessed the cache of personal data — a galling cybersecurity oversight.

Pulled Down

The rogue server — it's not clear who ran it — was discovered by  security researcher Sanyam Jain. Jain brought it to TechCrunch's attention after he couldn't figure out who the server belonged to or why it wasn't protected.

The server was promptly pulled offline after TechCrunch contacted its webhost.

Each of the records contains a unique ID, plus a phone number. The Facebook username can easily be gleaned from that information, as TechCrunch verified in its own investigation.

"Old " Data

If your phone number leaks online, it can invite spam and even open you up to two-factor authentication exploits.

The news comes after Facebook got caught "unintentionally" storing “hundreds of millions” of account passwords in plain text earlier this year.

“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” a Facebook spokesperson told TechCrunch. “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.”

READ MORE: A huge database of Facebook users’ phone numbers found online [TechCrunch]

More on Facebook leaks: Facebook “Unintentionally” Uploaded 1.5 Million Email Contacts

Share This Article