
Facebook has faced privacy scandals in the past, and that doesn’t seem to be ending any time soon. A recent report revealed that records for over 419 million Facebook accounts, including the phone numbers linked to the accounts, were found online where they could be accessed easily.

Records found in unprotected databases

The records, covering users from different regions, were found in several databases that were not protected. Out of the 419 million records, around 133 million were on US Facebook users, 18 million on UK-based users, and over 50 million on Vietnamese users. Since the database wasn’t password-protected, anybody could access the records.

The information posted for each account contained the user’s ID as well as the phone number associated with the account. Some records even included the gender of the user. A Facebook user ID is normally a long, unique, public number linked to the account, and it can easily be used to identify a user’s username.

Phone numbers have been private for over a year now, since Facebook restricted access to them as part of changes meant to protect personal data better. The change, made in April 2018, has done little to protect users, given this massive and embarrassing data leak. This is the latest data privacy breach involving Facebook after a series of scandals.

Facebook has been at the center of data breach scandals

In 2016 the company was in a scandal involving Cambridge Analytica, in which over 80 million accounts were scraped to determine swing votes in the US presidential election. Since the incident, Facebook has faced around seven high-profile scraping cases, including one involving its affiliate site Instagram, which recently admitted to having had profile data scraped in bulk.

The exposure of the phone numbers tied to user accounts puts those users at risk of spam calls as well as SIM-swapping attacks, in which attackers trick carriers into handing a user’s phone number over to them. With the phone number, it is easier to force a password reset on any account linked to it.

A Facebook spokesperson said that the data set was from before last year, when the company restricted access to users’ phone numbers.