An exposed server of 419 million phone numbers linked to Facebook accounts across the world was found unprotected online, 133 million of which were based in the United States.
One of the world’s premier tech companies didn’t protect such a large server with a password, and as such, anyone could have accessed the information inside, Tech Crunch reported Wednesday — the same day Facebook released a white paper on data privacy.
Each record contained a Facebook user’s unique ID and phone number listed on the account, which Facebook has admitted is now mandatory of its users. Some records also had the user’s name, location by country, and gender.
Notably, Facebook has previously allowed users to search for them by phone number, even when users hide their phone number from the public on the platform.
Facebook spokesperson Jay Nancarrow said the data had been scraped before Facebook cut off access to user phone numbers.
“This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” Nancarrow said. “The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”
This isn’t the first time Facebook’s data security has been called into question.
Hackers were able to breach 29 million Facebook accounts in a single security breach last year. Moreover, in that breach, Facebook warned its employees about the breach, but not its users, according to court filings.
Facebook was sued in a class-action lawsuit because of that security breach.
“Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge,” the plaintiffs said in the filing in the U.S. District Court for the Northern District of California in San Francisco.
Additionally, U.S. intelligence officials recently met with Facebook executives to discuss its security for the 2020 election cycle, Bloomberg reported.
On Wednesday, at Facebook’s headquarters in Menlo Park, California, staff from the Department of Homeland Security, the Federal Bureau of Investigation and the Office of the Director of National Intelligence, met to discuss the technology industry’s security efforts ahead of the elections.
Representatives from Twitter and Microsoft were there, as well as executives from Google.
The meetings, which took all day, were led by Nathaniel Gleicher, Facebook’s head of cybersecurity policy, led the meeting, according to a person familiar.
They discussed how these tech companies were preparring for election-related security issues, including disinformation campaigns possibly led by U.S. adversaries like Russia, and how tech companies could work better with government agencies on security efforts.