Nearly 200 million phone numbers exposed in latest Facebook breach

Published on Friday, September 6, 2019 - 13:13 by Camilla Winlo

The phone numbers of nearly 200 million Facebook users have been discovered online in the latest data scandal for the social network.

This breach includes phone numbers for about 18 million Facebook members in the UK, and around 133 million from American accounts. The leak was discovered by a security researcher, who found 419 million records on an unsecured server - so no password was needed to access them. Facebook has said the phone numbers have since been taken down.

“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” Facebook's spokesperson said. “The underlying issue was addressed as part of a Newsroom post on 4 April 2018 by Facebook’s Chief Technology Officer.”

The ICO has referred the matter to its Irish equivalent - the IDPC - which is the supervisory authority for Facebook in the EU.

What happens next?

The most disturbing part of this latest Facebook breach is the company's insistence that, because the dataset is old and can’t be used to find people on Facebook, no harm has been caused.

Whilst the data may have been collected some while ago, people keep their phone numbers for years, and the rise of measures such as two-factor authentication, which often sends a security code to a mobile phone, means that, if anything, those phone numbers have become even more important.

Facebook appears to have considered the risk from the data only in relation to the risks to Facebook. The GDPR is clear: organisations need to consider the risks that the data they hold poses to the individuals as a whole, not just how it relates to their business.

People should think hard about whether they really trust the organisations who ask for their data. Here are two quick tricks anyone can try:

  • Does the organisation make you accept all their cookies? That’s illegal, and shows they care more about their business than about you.
  • How easy is it to find the Privacy Policy? How long is it when you do? Privacy information should be easy to find and straight to the point - if it isn’t, the organisation doesn’t really want you to read it.