A huge database containing 419 million records linked to Facebook accounts have been leaked online.
According to a report from TechCrunch, the dataset had included 133 million records from U.S.-based Facebook users, 18 million from the U.K., and over 50 million from Vietnam.
In the same source, each record is said to have included a user’s ID and phone number. Some were also said to have contained the user’s name, gender, and location by country.
The latest security incident is seen by cybersecurity experts as an alarming issue that can put affected users at risk of receiving spam calls and SIM-swapping attacks. “With someone else’s phone number, an attacker can force-reset the password on any internet account associated with that number,” TechCrunch explained.
Sanyam Jain, the researcher who had discovered the database, revealed he also found profiles with phone numbers associated with several celebrities.
In an interview with Engadget, a Facebook spokesperson explained:
“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers.”
“The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised. The underlying issue was addressed as part of a Newsroom post on April 4, 2018, by Facebook’s Chief Technology Officer.”
The tech giant also clarified that half of the information exposed in the database had been duplicated. This means only half of the originally reported 419 million accounts were actually affected.
Facebook also insisted that it is currently trying to cut down the risk of further data scraping, as reflected in the changes it made on its policies on April 4, 2018.
The recent incident is the latest addition to the chain of security issues that had affected Facebook for the past few years.
In March 2018, Facebook revealed that Cambridge Analytica, a firm that worked for Donald Trump’s 2016 presidential campaign, had obtained the personal data of up to 71 million Americans. This had led to Facebook having to pay a whopping $5 billion to settle the charge.
In the same year, millions of Facebook and Instagram users’ details had been exposed due to a data breach. A few months later, the social media giant announced that a data breach had affected the accounts of about 29 million of its users.