Facebook has confirmed that hundreds of millions of user phone numbers were left in an unprotected server, which reportedly included several million British details.
According to TechCrunch, 18 million UK phone numbers were among 419 million records left in an open online server that was not secured with a password.
Facebook has confirmed the report, but said the total number is likely to be around half because of duplicate entries.
This latest issue is thought to be from publicly available information previously used to allow people to search for others by using their phone number, which was disabled in April 2018 in response to the Cambridge Analytica scandal.
It is claimed that the server contained several databases for various geographies, with a user’s unique Facebook ID stored alongside their phone number.
“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” a Facebook spokeswoman said.
“The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.”
A total of 133 million records for users in the US and 50 million records for users in Vietnam are reported to be among the data.
An unspecified number also held additional details, such as the user’s name, gender and location by country, it is also claimed.
The social network has been under the spotlight since the Cambridge Analytica scandal broke, which resulted in multiple investigations and fines.
In July, the Federal Trade Commission announced that it had agreed a settlement with the social media giant which would see it pay a £4 billion fine and introduce a number of new audits into its business that would ensure privacy and data protection is in place.
The UK privacy and data watchdog, the Information Commissioner’s Office (ICO), said that it was aware of the incident, saying: “We are in contact with the Irish Data Protection Commission (IDPC), as they are the lead supervisory authority for Facebook Ireland Limited.
“The ICO will continue to liaise with the IDPC to establish the details of the incident and to determine if UK residents have been affected.”