(Gray News) - A database left millions of phone numbers linked to the company’s social media accounts visible online, a spokesperson from Facebook admitted.
Security researcher Sanyam Jain contacted TechCrunch after finding more than 410 million records associated with Facebook accounts worldwide, including more than 130 million from the U.S., online without password protection.
Each record had a Facebook user’s ID, which is a long string of numbers that can be traced back to a user’s account, as well as their phone number.
A spokesperson from the social media company confirmed to CNN Business that the finding was genuine, but said because of duplicate entries, not as many numbers were exposed as Techcrunch reported.
Among the records were phone numbers associated with several celebrities, Jain told Techcrunch.
A Facebook spokesperson said the company has launched an investigation into the database.
An old feature allowed people to find Facebook users by inputting their phone numbers, but Facebook disabled that functionality in April 2018 amid the Cambridge Analytica scandal.
“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” the spokesperson said to CNN. “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.”
The company didn’t say whether those affected will be notified, The Guardian reported.
Malicious actors can game the system by having someone’s phone number and information obtained from social media sites, allowing them to pull tricks like taking someone’s phone number, putting it on another cell phone and wreaking havoc.
A hacker was able to temporarily gain control of Twitter CEO Jack Dorsey’s Twitter account through such a maneuver, sending offensive Tweets until Twitter put a stop to it.