Report: Facebook Database Found Online Exposed Phone Numbers of Millions

Report: Facebook Database Found Online Exposed Phone Numbers of Millions

A database that was left without password protection was discovered by a security researcher, who said 419 million records of Facebook user phone numbers were exposed.

Following a year of vocal concerns from lawmakers and users about Facebook’s security practices, the social media giant is facing renewed outrage over a database discovered online that reportedly contained hundreds of millions of user phone numbers.

Security researcher Sanyam Jain found the database online and shared the discovery with TechCrunch. The database seems to be connected to a tool no longer used by Facebook that allowed users to search for potential friends based on phone number that a user had willingly given the site.

A server that did not belong to Facebook, and was publicly accessible without password protection, housed a database of the phone numbers. Jain told TechCrunch that he found several phone numbers of celebrities in the database, which was taken down after the news outlet contacted the web host. The owner of the server is still unknown.

While Jain said the database contained records of more than 419 million Facebook users, with 133 million alone in the U.S., Facebook’s PR team is telling reporters that the figure is bloated and that the server contained “closer to half” of 419 million, according to Gizmodo.

Jay Nancarrow, a spokesperson for Facebook, told TechCrunch that the data was scraped before Facebook cut off access to user phone numbers in April 2018.

“The data set has been taken down and we have seen no evidence that Facebook accounts were compromised,” he said.

Still, security experts note that cell phone number data in particular is sensitive to abuse from targeted robocalls, malware attacks and more.

“[Users] can’t recover by something as simple as changing their password – they would have to redo their Facebook account or get a different phone number – both very unappealing actions,” said Pankaj Parekh, chief product and strategy officer at SecurityFirst. “Another example of people’s personal data being exposed by careless actions of those trusted to safeguard it.”

Paul Bischoff, privacy advocate for Comparitech, said the exposure could put millions of Facebook users at risk of spam, harassment and SIM swap fraud. Because phone numbers are often used for two-factor authentication, the information could be abused by malicious actors, he added.

“By moving an existing phone number to a new SIM card, an attacker will receive the PIN number sent to the user's phone via SMS when logging in,” Bischoff said.

For Johnathan Deveaux, head of enterprise data protection at comforte AG, the main risk of the incident is the potential of spam calls, which are consistent nuisances even to people who have not had their phone number leaked.

“The more sensitive data a company has, the more critical it is to protect the data,” Deveaux said. “A ‘security-first’ policy employing a data-centric approach helps ensure data is protected throughout an organization.”

 

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

  • Motorola Solutions Named Official Safety Technology Supplier of the Ryder Cup through 2027

    Motorola Solutions has today been named the Official Safety Technology Supplier of the 2025 and 2027 Ryder Cup, professional golf’s renowned biennial team competition between the United States and Europe. Read Now

  • Evolving Cybersecurity Strategies

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.