A day after Facebook claimed that a huge database of users’ phone numbers was no longer floating about freely on the internet, another live database containing similar information was unearthed by a U.K.-based cybersecurity researcher.
Elliott Murray, CEO of cybersecurity firm WebProtect, reported his findings to CNET. The publication was able to verify that the second database also contained actual phone numbers of Facebook users.
Murray said that a database of this magnitude is hard to come by and that it is “almost certainly the same data” that was also found previously.
Facebook is yet to comment on this newly discovered database of user phone numbers.
Facebook’s initial facepalm moment
The initial database containing phone numbers of millions of Facebook users was discovered on an insecure cloud server online on Wednesday. TechCrunch reported that the massive database listed phone numbers of Facebook users based in the U.S., U.K., and Vietnam.
This was a publicly accessible dataset and the phone numbers could be matched to unique Facebook user IDs, or even exact usernames in some cases.
Facebook confirmed at the time that around 220 million users were affected by this exposed data. However, in a statement to TechCrunch, the social media company claimed that it had taken down the information. Facebook added that it did not find any evidence of compromised accounts. Clearly, the information was either copied or was still somehow accessible following the latest news.
Didn’t Facebook restrict phone number access?
Yes, it has been over a year since Facebook removed the ability to search for people on the platform using their phone numbers. The company realized that people could have their public profiles scraped through the feature.
The move came in the wake of the Cambridge Analytica fiasco which affected more than 80 million Facebook users.
Now, Facebook claims that the phone number database could have been obtained before the company made changes to its policy in 2018.
A series of unfortunate events
Facebook, Instagram, and Whatsapp (all owned by Facebook) have been party to a streak of privacy breaches in the recent past. Data of around 49 million Instagram influencers was leaked online in May. In the same month, WhatsApp reported a vulnerability in its system that let hackers gain access to users’ phones.
These are no longer isolated incidents at Facebook and the leak of this user phone number database is the latest page in the company’s book on conundrums. Those looking to misuse this database could spam call users, or worse, swap their SIMs.
Check our are handy guide to learn more about managing your privacy on the Facebook.