Unprotected databases are behind a leak that exposed information, including unique identifiers and phone numbers, on more than 419 million Facebook users – 133 million of those records belonging to users in the U.S.

Security researcher Sanyam Jain, a GDI Foundation member, discovered the databases, which were not password-protected. The records were apparently scraped from the social media platform more than a year ago before the company "made changes last year to remove people's ability to find others using their phone numbers," a TechCrunch report cited a Facebook spokesman as saying.

“Think hard before giving your phone number to any social networking business – they are in the business of aggregating and monetizing consumer data,” warned Lucy Security CEO Colin Bastable. “And the phone number can be used to compromise your account. Online businesses often ask for the number “in case you need to recover access to your account.”

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.