The phone numbers associated with over 400 million Facebook accounts were exposed online in the latest privacy dilemma for the social media giant. 

TechCrunch reported on Wednesday that an exposed server storing 419 million records was found online - 133 million belonging to U.S. users, 50 million Vietnamese users, and 18 million U.K. users. This server was not protected with a password, meaning anyone could access the database up until late yesterday evening once the host took down the site.

Each record contained a user's unique Facebook ID and phone number associated with the account. The users Facebook ID is a long, unique public number associated with the account. But users phone numbers have not been public since access to users' phone numbers was restricted in 2018 following the Cambridge Analytica scandal

Facebook has confirmed that there is some truth to these allegations but has noted that the number of accounts so far confirmed is less than half of the reported 419 million and that the majority of the data was old and contained duplicates. 

Facebook's latest data breach is a textbook example of the issue with storing data online, publicly without password protection. While data exposure is often linked to human error rather than malicious in nature, data exposures such as this put millions of users at risk for spam calls and SIM-swapping. SIM swapping involves tricking cell phone carriers into giving a person's phone number to an attacker which enables the attacker to force-reset passwords on any internet accounts linked to that phone number. 

This technique was recently carried out by the hacker group Chuckling Squad to hijack Twitter CEO Jack Dorsey's account and tweet offensive messages and declare a bomb threat. The tweets have since been removed and Twitter has temporarily disabled the feature that allows users to post tweets via SMS. 


The Most Powerful & Reliable Cybersecurity Products
Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]


UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Sans Institute Now Certified IBM Security
Copyright 2021, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.