Unguarded database exposed millions of Facebook users’ phone numbers, the social media company admits

Unguarded database exposed millions of Facebook users’ phone numbers, the social media company admits
In this April 30, 2019 file photo, Facebook CEO Mark Zuckerberg, left, makes the keynote speech at F8, the Facebook's developer conference, in San Jose, Calif. Facebook may have to wait a little longer before resolving a U.S. government investigation into the company's mishandling of personal information on its social network. The Wall Street Journal is reporting that a settlement with the Federal Trade Commission is being delayed by political wrangling. The FTC declined comment Friday, May 24. (AP Photo/Tony Avelar , File) (Source: Tony Avelar)

(Gray News) - A database left millions of phone numbers linked to the company’s social media accounts visible online, a spokesperson from Facebook admitted.

Security researcher Sanyam Jain contacted TechCrunch after finding more than 410 million records associated with Facebook accounts worldwide, including more than 130 million from the U.S., online without password protection.

Each record had a Facebook user’s ID, which is a long string of numbers that can be traced back to a user’s account, as well as their phone number.

A spokesperson from the social media company confirmed to CNN Business that the finding was genuine, but said because of duplicate entries, not as many numbers were exposed as Techcrunch reported.

Among the records were phone numbers associated with several celebrities, Jain told Techcrunch.

A Facebook spokesperson said the company has launched an investigation into the database.

An old feature allowed people to find Facebook users by inputting their phone numbers, but Facebook disabled that functionality in April 2018 amid the Cambridge Analytica scandal.

“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” the spokesperson said to CNN. “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.”

The company didn’t say whether those affected will be notified, The Guardian reported.

Malicious actors can game the system by having someone’s phone number and information obtained from social media sites, allowing them to pull tricks like taking someone’s phone number, putting it on another cell phone and wreaking havoc.

A hacker was able to temporarily gain control of Twitter CEO Jack Dorsey’s Twitter account through such a maneuver, sending offensive Tweets until Twitter put a stop to it.

Copyright 2019 Gray Television Group, Inc. All rights reserved.