Facebook has affirmed that about 200 million phone numbers from the crew members have been leaked in an online database. The company claimed that it was inquiring about who had collected the database and left it online unsecured.
It involves telephone numbers for around 18 million Facebook members in the United Kingdom. The United Kingdom’s Information Commissioner’s Office (ICO) said that it had advised the matter to its Irish equivalent – the IDPC – which stands as the supervisory authority for Facebook in the EU.
The data of telephone numbers and Facebook IDs were found on an unsecured web server and was not protected by a password. It is unbelievable to have been collected or put there by Facebook.
The data was taken down after the news site TechCrunch reported the problem to the web hosting company. In April 2018, Facebook discontinued a feature that lets people search for other individuals just by typing in their contact numbers.
The company claimed that malicious actors had abused this particular feature by typing in millions of contact numbers to find out who was their owners.
It also said that they had been planting profiles and contact numbers for many years by misusing the search tool and that anyone who had kept their privacy settings after putting their contact number should hold that their information had been planted.
And it is also thought that the database informed by TechCrunch may have been made by using this tool CTO Mike Schroepfer said at that time that malicious actors had been utilizing this new feature to remove public profile information by using useless phone numbers or email addresses.
He also said that as per the given scale and sophistication of the activity they had seen, they believed that most users on Facebook could have had their public profile altered this manner.
The discovery notes the latest security black eye for Facebook and could throw the company in even more warm water with global regulators that have already been enquiring the company over its role in the Cambridge Analytica data harvesting case.