A feature that Facebook shut down in the wake of last year’s Cambridge Analytica scandal came back to haunt it on Wednesday, when it emerged that hundreds of millions of Facebook users’ phone numbers had been found in an unprotected online database.
Millions of American Facebook (FB) users’ phone numbers are believed to be among those found. Facebook (FB) said there is no evidence that any accounts were compromised. Even so, the latest discovery is a reminder that even new, stricter security policies can’t necessarily address past data leaks or abuses.
Until April 2018, people could enter another person’s phone number to find him or her on Facebook. The company shut down the feature in the weeks after the Cambridge Analytica scandal broke because it found “malicious actors” had abused the feature to gather public information on Facebook users, a process known as scraping.
“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way,” Mike Schroepfer, Facebook’s chief technology officer, wrote at the time.
On Wednesday, almost 18 months after Facebook shut down the feature, TechCrunch reported that a security researcher had found the records of more than 400 million Facebook accounts, including phone numbers, resting in an unprotected database online.
A Facebook spokesperson confirmed to CNN Business that the security researcher reported the database to Facebook and the company launched an investigation. The spokesperson said the database contains many duplicate entries and the company estimates the number of users impacted is about half of what TechCrunch reported.
“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” the spokesperson said. “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.