Facebook has confirmed that about 400 million phone numbers of users have been exposed in an online database, more than a year after Facebook disabled the feature that allowed someone to look up a user’s phone number.
As reported by TechCrunch, security researcher Sanyam Jain was able to locate an online database containing phone numbers linked to user IDs for over 419 million Facebook users and in some cases, the data included the user’s real name, gender, and country.
The exposed server was not protected with a password, and TechCrunch says it verified some of the numbers in the document. When the publication contacted the database’s web host, the information was taken offline.
Facebook told TechCrunch “the data set is old and appears to have been obtained before [the company] made changes last year to remove people’s ability to find others using their phone numbers.” The company says that data set has since been taken down and that it has no evidence Facebook accounts were actually compromised.
Earlier in May, data for 49 million Instagram users was leaked as well.