Over 419 million records containing phone numbers and Facebook IDs have been leaked online. Some records also contain names, gender and location information. Over 18 million records relate to UK users and over 133 million to US users, a significant portion of the respective populations.
It looks like this data was scraped at a time when Facebook would allow searching by phone number to locate a user. By running a list of valid phone numbers through a search feature, it would be possible to populate a database with Facebook users and matching phone numbers by country. This feature has not been available on Facebook for over a year, so the data is likely older than this.
This breach was found by Sanyam Jain, a cyber-security analyst and member of the CGI foundation.
A Facebook spokesperson told TechCrunch:
These sorts of scraping incidents are becoming more problematic, with third parties scraping any and all data available on social networks. Locking down your privacy settings may help against scraping attacks to a degree, as it will limit how automated tools can find your account.
The data in this leak could allow scammers to find personal information relating to a phone number (for example, if your Facebook profile is public, a caller could know anything you post). This would make it much easier to trick unsuspecting users into believing cold-call scams.