419m phone numbers leaked in Facebook data breach

419m phone numbers leaked in Facebook data breach

Over 419 million records containing phone numbers and Facebook ID have been leaked online. Some records also contain names, gender and location information. Over 18 million records relate to UK users and over 133 million records for US users - a significant portion of the respective populations.

It looks like this data was scraped at a time when Facebook would allow searching by phone number to locate a user. By running a list of valid phone numbers through a search feature, it would be possible to populate a database with Facebook users and matching phone numbers by country. This feature has not been available on Facebook for over a year, so the data is likely older than this.

This breach was found by Sanyam Jain, a cyber-security analyst and member of the CGI foundation.

A Facebook spokesperson told TechCrunch:

This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.

These sort of scraping incidents are becoming more problematic, with 3rd parties scraping any and all available data available on social networks. Locking down your privacy settings may help with scraping attacks to a degree, as it will limit how automated tools can find your account.

The data available on this leak could allow scammers to find out personal information relating to a phone number (i.e. if your Facebook profile is public, a caller could know anything you post). This would make it much easier to trick unsuspecting users in to believing scam cold-call traps.
Ian Cunningham
First release
Last update

More resources from Ian