A large database of more than 400 million telephone numbers that are linked to Facebook accounts was unprotected on the internet for a while. Because no password was required, the database was available to everyone, TechCrunch reports Wednesday. It is still unclear whether malicious parties have used the data.

The data set was collected by Facebook and placed online by a third party. It contained the data of 419 million people, including 133 million American Facebook users, eighteen million British users and more than fifty million users from Vietnam. Whether there were also Dutch telephone numbers is not yet known.

Of each of these users their telephone number and their Facebook ID were stated. A Facebook ID is a long, unique and openly visible account number with which the Facebook username can easily be retrieved. Some users also mentioned their name, gender and location.

Phone numbers corresponded

TechCrunch compared a number of Facebook IDs with already known telephone numbers: they appeared to correspond with the numbers in the database. The leaked numbers also corresponded to the telephone numbers that are partially visible when resetting a Facebook password.

Facebook spokesperson Jay Nancarrow said that all data must have been copied over a year ago, before Facebook decided to no longer make phone numbers visible to users. "The dataset was then taken offline", the spokesman emphasizes.

The data in the database that TechCrunch encountered, however, seems to have been uploaded only last month, although that does not necessarily mean that the telephone numbers are so new. Who has leaked the data from Facebook and why is still unclear.

Resetting passwords

If phone numbers come into the hands of malicious parties, Facebook users risk being the victim of spam phone calls, 'simswapping' and the unwanted resetting of passwords of all kinds of online accounts that are linked to the number.