Jump directly to the content
ZUCKING HELL

Huge Facebook leak reveals phone numbers of 400MILLION users – including 18million Brits

FACEBOOK is embroiled in yet another scandal after reportedly leaking over 419million database records about hundreds of millions of its users.

The records were stored in an unprotected server meaning almost anyone could have easily accessed the personal data.

Names, phone numbers, genders and location by country have been leaked
2
Names, phone numbers, genders and location by country have been leaked

According to , the leaked data included users personal phone numbers, including those belonging to 18million Brits.

The rogue server was discovered by security researcher Sanyam Jain who highlighted it to TechCrunch after he couldn't figure out who was running it or why it wasn't protected.

What's even more concerning is that Facebook usernames could be easily discerned from the data meaning the phone numbers and other personal information could be linked to individuals.

Leaked phone numbers are so problematic because they can lead to spam calls, SIM-swapping attacks and can make some two-factor authentication passwords obsolete.

Hundreds of millions of users have had their phone numbers exposed
2
Hundreds of millions of users have had their phone numbers exposed

The leak exposed information about users from all over the world.

This includes 133million US-based Facebook users, 18million from the UK and more than 50million records on users based in Vietnam.

Almost all of the data included a user's unique Facebook ID and phone number but some of the records also revealed names, genders and location by country.

Phone numbers have not been public on Facebook for over a year now as the company made moves to make more user data private.

The database, which was said to include the phone numbers of a few celebrities, has now been taken offline.

A Facebook spokesperson told us that the data was collected before Facebook cut off access to user phone numbers.

They said: "This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers.

"The data set has been taken down and we have seen no evidence that Facebook accounts were compromised."

Facebook also said that a large portion of the data set was duplicate data so it has confirmed less affected users than TechCrunch.
Facebook removed the ability to find friends using their phone number in April last year because it learned that malicious actors abused this feature.

Facebook's biggest cyber-security mistakes

Here's some of the major times Facebook let us down...

  • In 2007, Facebook's first targetted advertising product, Beacon, caused outrage because there was initally no opt-in option about the kinds of information users wanted to share
  • In 2009, a Federal Trade Commission investigation was triggered because Facebook users complained that the new privacy tools were too confusing and pushed users to make more of their personal information public
  • In 2010, it was revealed that advertisers were using a privacy loophole to retrieve revealing personal information about Facebook users and the company had to change its software
  • In 2011, the FTC charged Facebook with lying to customers about how their information could be kept private but making it public anyway
  • 2018 saw Facebook's biggest privacy scandal to date with reports that Cambridge Analytica misused user data and Facebook had to admit that it had failed to protect its users

Erich Kron, security awareness advocate at KnowBe4, commented: "The data involved here can be very valuable to attackers, as it contains individuals' unique Facebook ID and phone number.

"Because people often share very personal information on social media platforms, scammers can use the breach data to gain a wealth of information about the person and use that for scams.

"Children's names, online friends and family, political and religious beliefs and other sensitive information is a gold mine for scammers and now it's tied to a phone number.

"It is important for people to regularly check websites, such as , to see if they are the victim of a data breach already."

Five surprising ways social media affects the mind and body - including making women more aggressive and changing your favourite colour

TOP STORIES IN TECH

Exact two temperatures you must keep your iPhone between or risk a big bill
HOT STUFF

Exact two temperatures you must keep your iPhone between or risk a big bill

Samsung's 'AI TV fridge' has cameras to 'order food when you’re low'
SAM-THING FOR DINNER?

Samsung's 'AI TV fridge' has cameras to 'order food when you’re low'

Mysterious metal ring crashes to Earth as experts warn over growing 'space junk'
ROCKET MAN

Mysterious metal ring crashes to Earth as experts warn over growing 'space junk'

Prehistoric RUNNING CROC could sprint on two legs to hunt dinosaurs
MEET THE SUPER-CROC

Prehistoric RUNNING CROC could sprint on two legs to hunt dinosaurs

In other news, Facebook will stop using facial recognition on your pictures after a court battle.

The tech giant could also be getting rid of ‘likes’ after Instagram ditched the feature to ‘remove pressure’.

And, this new Instagram scam campaign is attempting to trick people into handing over their login details.

What do you think of this Facebook leak? Let us know in the comments...

We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]

Topics
YOU MIGHT LIKE
RECOMMENDED FOR YOU
MORE FOR YOU