The researcher found on the server user data, divided by geographic region: 133 million user records from Facebook from the United States, 18 million user records from the UK and more than 50 million user records from Vietnam.
Each entry contained a unique user ID associated with the account phone number, and in some cases also the user name, gender and location data. Journalists checked the information contained in the database and were able to confirm its authenticity. Worse, the database revealed data from many famous personalities.
The problem is that Facebook limited access to the phone numbers of its users more than a year ago, both for developers and for the users themselves. This happened after a scandal with Cambridge Analytica, which revealed an information leak to 87 million people whose data ended up in the possession of third-party companies that misused it.
Representatives of Facebook told TechCrunch that the detected dump was clearly outdated and was made at a time when collecting phone numbers of users of the social network was not a problem. The company also said that only 220 million records could be found on the server.
According to journalists, questions about who exactly owned this base, who collected it and why, remain open. Leaking phone numbers can expose users to SIM swap attacks, phone spam, and so on. Moreover, attackers can easily match a unique ID to a user account by gathering more information about the intended victim.
