A security researcher reportedly found the more than 419 million records in an unprotected database

By Char Adams
September 05, 2019 01:55 PM
Valentin Wolf/imageBROKER/REX/Shutterstock

Hundreds of millions of Facebook users’ personal information — including phone numbers, name and locations — have reportedly been found in an unprotected online database more than a year after the company shut down its phone number identification feature.

A security researcher found the more than 419 million records in an unprotected database, and 133 million of those are U.S.-based Facebook users, TechCrunch reported. Anyone can find and access the database because it is not protected with a server, according to the report.

“Each record contained a user’s unique Facebook ID and the phone number listed on the account,” TechCrunch reported. “A user’s Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account’s username.”

The discovery comes 18 months after the world learned of the Cambridge Analytica scandal in March 2018, which revealed the company let third-party companies retrieve user data to target voters in the 2016 presidential election.

Mark Zuckerberg

In the wake of the incident, Facebook shut down a feature that allowed people to find a Facebook account with a user’s phone number, noting that “malicious actors” had abused the function. Now, in a statement to PEOPLE, Facebook says the information in the database was obtained before they disabled the phone number feature.

“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” a Facebook spokesperson tells PEOPLE.

“The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised. The underlying issue was addressed as part of a Newsroom post on April 4th 2018 by Facebook’s Chief Technology Officer.”

This isn’t the first privacy scandal Facebook has faced.

RELATED: Mark Zuckerberg Says Facebook Will Make Shift Toward Becoming ‘Privacy-Focused Platform’

In December, The New York Times reported that Facebook gave tech companies like Spotify, Netflix and Microsoft special access to user data without their knowledge.

Mark Zuckerberg Shows Off Invention He Created to Help His Wife Sleep Better: ‘Being a Mom Is Hard

Facebook permitted Microsoft search engine Bing to view Facebook users’ friend lists, and allowed Spotify and Netflix to read users’ private messages, the Times reported.

“We know we’ve got work to do to regain people’s trust,” Steve Satterfield, Facebook’s director of privacy and public policy, said at the time. “Protecting people’s information requires stronger teams, better technology and clearer policies, and that’s where we’ve been focused for most of 2018.”

Earlier this year, Mark Zuckerberg announced that the social network would make a shift toward becoming more “privacy-focused” in a note titled “A Privacy-Focused Vision for Social Networking.

In the announcement, Zuckerberg noted that he’s been focused on “addressing the biggest challenges facing Facebook” in the wake of numerous scandals, including a hack that exposed the personal information of nearly 50 million users last fall.

“This means taking positions on important issues concerning the future of the internet. In this note, I’ll outline our vision and principles around building a privacy-focused messaging and social networking platform,” Zuckerberg wrote in the memo. “There’s a lot to do here, and we’re committed to working openly and consulting with experts across society as we develop this.”