A Facebook server containing hundreds of millions of phone numbers linked to accounts on the platform was recently found online and unprotected by a password, TechCrunch reported Wednesday.
The phone numbers uncovered in the incident were associated with a feature that Facebook shuttered last year on the heels of the Cambridge Analytica scandal. While it was still active, the feature enabled Facebook users to search for someone based on their phone number.
Security researcher Sanyam Jain disclosed that he found more than 419 million user records stored on the exposed server; 133 million of those records were based in the U.S, and some also had the user’s name, gender, and location by country.
Information taken offline
In statements to the media, Facebook disputed the number of impacted users reported by TechCrunch. The company said it estimates the number of affected users is roughly half of the 419 million figure, and many entries in the server were duplicates.
Facebook added that it hasn’t found any evidence that user accounts were compromised.
"This dataset is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers," a company spokesperson said. "The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.