Millions of Facebook users’ phone numbers may still be exposed online
Data scraped from an exposed Facebook database containing user phone numbers and information that linked those phone numbers to names and other profile information has popped back up in a separate online repository, even after the initial database was mysteriously pulled offline, according to a report last night from CNET.
The initial, unprotected database contained more than 400 million records of Facebook users across the US, UK, and Vietnam. The exposure, reported first by TechCrunch earlier this week, is believed to have affected a total of around 200 million users.
Speaking with UK security researcher Elliott Murray, CNET reports that the current trove of phone number data appears to have been completely scraped from the earlier database. It’s unclear who owns either database, but Facebook confirmed the data was scraped from a server that stored it as part of a feature that let users look one another up by their phone numbers. Facebook has not said how the data was taken off Facebook servers and why it was available online without any form of security protection.