CBS NEWS - MONEYWATCH More than 400 million Facebook users may have had their phone numbers exposed, more than a year after Facebook disabled the feature that allowed someone to look up a user's phone number.
TechCrunch found a trove of Facebook accounts on an exposed server, the news outlet reported Wednesday. The server was not protected with a password, meaning anyone could have found and accessed the database of users.
The 419 million records in the database included unique Facebook IDs and the phone number listed on the account. Some also included the user's birth date, location and gender.
In a statement, Facebook disputed the 400 million figure, saying many of the numbers were duplicates and the leaked database was "about half" of what TechCrunch reported. It also said that it had fixed the issue that led to the records being exposed, but did not offer further explanation.
"This dataset is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers," the statement said. "The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised. The underlying issue was addressed as part of a Newsroom post on April 4th 2018 by Facebook's Chief Technology Officer."
In that 2018 post, Facebook said it was turning off access to users' phone number because that feature was being abused and could be scraped to collect large amounts of information. But since that announcement more than a year ago, hackers and researchers continue to dig up information on Facebook users.
Facebook was recently fined a record $5 billion by the Federal Trade Commission over the privacy breach that had allowed the data firm to collect information on millions of users without their knowledge. It's currently being investigated for allowing for the spread of election-related misinformation and discrimination in U.S. housing ads.
TechCrunch published its discovery a day before Facebook announced the official launch of its matchmaking service, Facebook Dating, in the U.S. The dating service is already available in Brazil, Canada and 17 other countries.
Although many of its features resemble what other matchmaking services offer, Facebook's version promises to be different. A user's Facebook Dating profile will be separate from their main one, but the romance app will tap existing features such as events and groups to pair them with possible matches. By default, people in users' friend network will be excluded, but users can circumvent that with a "secret crush" feature.
To prevent unwanted messages, photos and spam, Facebook Dating lets you message someone just once unless you get a response. Facebook also won't allow lonely hearts — or creeps — to send photos or website links, which could help cut down on unsolicited body-part photos.
Though the mobile-only service is free to use and free of ads, it can still help Facebook make money if it keeps people glued to its other services longer.
Announcing the feature, Facebook pledged that it would keep users' dating profile info separate from other Facebook activity. But many remain skeptical.
Seth Carter, 32, an engineer from Terre Haute, Indiana, said he had used dating apps ranging from Match to Bumble, Tinder and Christian Mingle prior to his current relationship.
"Facebook is here to make money and I get that," he told the Associated Press. But he worries that Facebook's stated commitment to privacy would ultimately buckle under pressure to make money off the service. "That likely means they're going to sell my dating preferences, which means even more intrusions into my life."
Facebook says it won't be doing any of that. But users like Carter can hardly be blamed for their apprehension.
Facebook Dating comes as the popularity of online dating grows: In 2016, 15% of all U.S. adults said they had used online dating services, up from virtually none in 2005, according to the Pew Research Center.