Another month, another Facebook data breach. As reported by TechCrunch, security researcher Sanyam Jain was able to locate an online database containing phone numbers linked to user IDs for over 419 million Facebook users.
While linking phone numbers to user IDs is bad enough, in some cases the data included the user’s real name, gender, and country. The exposed server was not protected with a password, and TechCrunch says it verified some of the numbers in the document. When the publication contacted the database’s web host, the information was taken offline.
Facebook told TechCrunch “the data set is old and appears to have been obtained before [the company] made changes last year to remove people’s ability to find others using their phone numbers.” The company says that data set has since been taken down and that it has no evidence Facebook accounts were actually compromised.
Nonetheless, it’s another worrisome incident in a series of major data breaches at Facebook – in May, data for 49 million Instagram users was leaked as well. Even if the data is no longer available, there’s no guarantee bad actors haven’t come across it.
Given people don’t change their phone numbers very often, Facebook’s claim that the data is old is not particularly relevant. It’s not clear how the data was obtained or who stored it, but it shows major tech companies still have a ways to go to ensuring users their data is secure.