Phone numbers linked to more than 400 million Facebook accounts were listed online in the latest privacy lapse for the social media giant, U.S. media reports have said.

An exposed server stored 419 million records on users across several databases — including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam, according to technology news site TechCruch.

Following the 2018 Cambridge Analytica scandal, when a firm used Facebook’s lax privacy settings to access millions of users’ personal details, the company disabled a feature that allowed users to search the platform by phone numbers.

The exposure of a user’s phone number leaves them vulnerable to spam calls, SIM-swapping — as recently happened to Twitter CEO Jack Dorsey — with hackers able to force-reset the passwords of the compromised accounts.

The privacy lapse was discovered by Sanyam Jain, a security researcher and member at Hague-based non-profit organisation GDI Foundation.

“Jain... found the database and contacted TechCrunch after he was unable to find the owner. After a review of the data, neither could we. But after we contacted the web host, the database was pulled offline,” said TechCruch.