Phone numbers linked to the Facebook accounts of hundreds of millions of users has been found online on an insecure server in the latest privacy gaffe for the social media giant.
The server, which lacked password protection, contained more than 419 million records over several databases of Facebook users across multiple geographies—including 133 million records of U.S.-based users–according to a published report. Eighteen million records of users in the United Kingdom and 50 million records of Vietnam-based users also were held on the server, according to the report.
Specifically, each record contained both the ID and phone number listed on the account of a unique Facebook user. While the names of users weren’t listed in the records, it’s not difficult to track down user account names using the ID number–a long, unique and public number associated with a user account, the report added.
Facebook already has come under considerable fire over privacy concerns and its indiscriminate ways of collecting data from its roughly 2.4 billion users worldwide. Researchers said the latest breach is particularly egregious because Facebook has restricted access to user phone numbers for more than a year as a part of an effort to improve data practices.
While the numbers associated with the latest breach appear to be data published online from before the company stopped publicizing numbers, it’s still worrisome that they’ve been made available, they said.