The dataset included 133 million records on Facebook users in the US, 18 million on people in the UK and 50 million on users in Vietnam. The researcher, Sanyam Jain, found the databases on an exposed server that wasn't protected with a password. He told TechCrunch he found phone numbers linked to several celebrities.
"This dataset is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers," a Facebook spokesperson told Engadget. "The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised. The underlying issue was addressed as part of a Newsroom post on April 4th 2018 by Facebook's Chief Technology Officer."
The company told Engadget that much of the information in the databases is duplicated. As such, it says the true number of affected accounts is about half that 419 million figure. The company also noted that since the access changes it announced in April last year, it has been trying to reduce the risk of data scraping.
Still, while the information in these databases might be from some time ago, people tend to hang onto their numbers for a long time. The leak could put them at risk of spam calls and SIM-swapping scams that could endanger their online accounts -- not just on Facebook. A Facebook ID, meanwhile, is a unique number associated with each account, and it's not difficult to find the user to whom it's linked.
The company has faced numerous privacy issues over the years, including the Cambridge Analytica scandal that led to a $5 billion Federal Trade Commission settlement. Several other instances occurred this year in which millions of Facebook and Instagram users' details were exposed, but not by the company itself. Last fall, a data breach exposed the private information of 29 million users.
Update 9/4/2019 5:30PM ET: Added some more information from Facebook.