A Facebook server was exposed over 419 millions records contain user Facebook ID’s,phone number and some records include even the user’s name, gender and location by country.According to the TechCrunch these server stores several databases with above mentioned data of Facebook users all over the world.Most terrible thing is this server wasn’t protected with a password,so anyone could find and access the databases.

Facebook ID is a unique number which is highly integrate with anyone’s Facebook account.Therefore by using someone’s Facebook ID it is very straight forward to extract much information about that user.Bad actors can use these exposed phone numbers for spam calls and SIM-swapping attacks.Now a days many online accounts support for password reset using phone number instead of email.This leads to bring high risk to other online account of these Facebook users.

TechCrunch reported that “Sanyam Jain, a security researcher and member of the GDI Foundation, found the database and contacted TechCrunch after he was unable to find the owner. After a review of the data, neither could we. But after we contacted the web host, the database was pulled offline.”

Later, Jay Nancarrow from Facebook replied to TechCrunch report as, “This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers.The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”

This is an another high-profile scraping incidents that Facebook struggling after the Cambridge Analytical scandal.Although this is not a technical problem just a huge human error.