Expert Reviews

To help us provide you with free impartial advice, we may earn a commission if you buy through links on our site. Learn more

  • Home
  • Internet security
  • 400 million phone numbers of Facebook members leaked online including personal details of 18 million UK users

400 million phone numbers of Facebook members leaked online including personal details of 18 million UK users

News

Each record was linked to the phone owner's unique Facebook ID making it possible to find out their name and location

See Related
How to delete your Facebook account
Facebook urged to police fake Amazon review groups

Millions of phone numbers of Facebook members worldwide have been exposed online. 

According to reports in TechCrunch, security researcher Sanyam Jain from the GDI Foundation discovered the numbers in records stored on an unprotected server.

This server contains more than 419 million records spread over different databases, categorised by location. Some 18 million UK phone numbers have been exposed, 133 million US records and 50 million records revealing details about users in Vietnam.

Not only were the phone numbers exposed, but each record was also linked to the phone owner’s unique Facebook ID making it possible to find out their name, location and any other details that they have made public. This is a serious identity fraud risk and could be used for SIM-based attacks. Jain even told TechCrunch he had found celebrity phone numbers. 

Both Jain and TechCrunch have been unable to discover who owns the databases and why the data was scraped from Facebook in the first place.

READ NEXT: How to delete your Facebook account

What the report does add, however, is that phone numbers have not been public since April 2018 when Facebook updated its access policy. Before this change, people could search for a Facebook member using their phone number or email address. Writing in a blog post at the time, Facebook’s chief technology officer Mike Schroepfer explained the site disabled the feature because “malicious actors” had been abusing these features to scrape public profile information. “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way.” 

In response, Facebook said: “This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”

Read more

News