An investigation by TechCrunch has discovered over 419 million Facebook IDs and phone numbers had been stored in a non-password-protected online database. The dataset included about 133 million records for US users, 18 million records for users in the UK and 50m records for users in Vietnam.
Facebook has since taken the database offline. The company has also stated that the number of compromised accounts was closer to 210 million, due to the presence of duplicated records.
Facebook responded to the article:
This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.
The company is continuing its investigations to discover who created the dataset and when.