Facebook Breach Explained — How 419 Million Phone Numbers Were Exposed (+How to Protect Your Data)

Aaron Walker
Aaron Walker  |  September 10, 2019

Facebook has once again exposed the personal information of millions of users. More than 419 million phone numbers linked to Facebook accounts were left accessible on a server that was not password protected, according to TechCrunch.

TechCrunch also reported that about 133 million records were associated with Facebook users in the United States, as well as 18 million in the United Kingdom and 50 million in Vietnam. Each phone number was tied to a user’s unique Facebook ID.

facebook breachImage courtesy of TechCrunch: A redacted set of records from the U.K. database. The “44” indicates +44, the U.K.’s country code and the “7” indicates a cell phone number.

This is the most recent breach for a company that has a history of incidents involving consumer information. In 2018, a Facebook data breach exposed personal information of about 50 million people. That breach also included sensitive data, such as personal identifiers and search histories, associated with 14 million people. 

Prior to last year, users could search a phone number to find a user, making this information publicly available. In April 2018, Facebook released a number of security and privacy updates which included removing this functionality, as well as changes to its login verification process, historical messaging documentation, and a number of API access updates. 

This issue must be addressed on two levels: 

The first, and most important, is Facebook’s obvious responsibility to password protect and encrypt sensitive information. This functionality is included as a native feature for most cloud storage technology, but can be bolstered using privileged access management and data privacy solutions which are used to manage access to sensitive information and ensure data is stored in compliance with the privacy regulations, respectively. G2 has thousands of reviews for these security products from real users to help you better assess your protection tools.

The second is less applicable to this breach, but in the case access credentials are ever exposed, password managers can help individuals ensure passwords are both strong and updated frequently.

Read more: G2 on Cloud Security  →

Aaron Walker

Aaron Walker

As an analyst at G2, Aaron’s research is focused on cloud, application, and network security technologies. As the cybersecurity market continues to explode, Aaron maintains the growing market on G2.com, adding 90+ categories of security technology (and emerging technologies that are added regularly). His exposure to both security vendors and data from security buyers provides a unique perspective that fuels G2’s research reports and content, including pieces focused on trends, market analysis, and acquisitions. In his free time, Aaron enjoys film photography, graphic design, and lizards.