Facebook on Thursday tried to downplay the scope and impact of a report that hundreds of millions of its users phone numbers were available for anyone to see online due to a lapse in security involving several databases around the world.
The latest Facebook security matter reportedly involved the phone numbers of 419 million users found on an exposed server that didn’t require a password for anyone to access. According to a report from TechCrunch, the databases involved included the records of 133 million Facebook users in the United States, 50 million of users in Vietnam, and 18 million records of users in the United Kingdom.
In addition to phone numbers, the records that were potentially visible also included Facebook users’ unique Facebook IDs, which could have been used to obtain a person’s Facebook username.
Facebook said the dataset of information referred to in the TechCrunch report was “old” and “appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers.” The spokesperson added that the user data has been taken down “and we have seen no evidence that Facebook accounts were compromised.”
The company said it addressed the “underlying” issue of the visibility of users’ phone numbers in an April 4, 2018 Facebook newsroom post by Chief Technology Officer Mike Schroepfer. In that post, Schroepfer said Facebook had disables features that allowed people to search for others by using phone numbers and email addresses.
Facebook also said that much of the data in question involved duplicate information, and that the total number of phone numbers that were able to be found online was more likely half the amount mentioned in the TechCrunch report.