What’s the matter?
Security researcher Sanyam Jain uncovered an unguarded server that was left publicly accessible without any password protection.
Who all are impacted?
The server contained at least 419 million records linked to several Facebook users including celebrities.
What was exposed?
The big picture
The security researcher who found the leaky server contacted TechCrunch to assist him in finding the owner of the database. TechCrunch reviewed the database and verified the authenticity of the records by matching a known Facebook user’s phone number against the list of exposed Facebook IDs.
Researchers noted that the records appeared to be loaded into the unprotected database at the end of last month. However, the records are old. After this, they contacted the web host and secured the database.
What was the response?
A spokesperson for Facebook, Jay Nancarrow said that the exposed records are old and had been scraped before Facebook disabled access to user phone numbers.
“This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The data set has been taken down and we have seen no evidence that Facebook accounts were compromised,” Nancarrow said, TechCrunch reported.