A massive database containing hundreds of millions of Facebook user IDs and their associated phone numbers has been found online. The database was found on an unsecured server – it wasn't password-protected – and was available for anyone to access.

Sanyam Jain, a security researcher for GDI Foundation, found the database and reported it to TechCrunch when he couldn't find the owner. According to TechCrunch, the database contains over 418 mn records comprising Facebook IDs and associated phone numbers. The records also contain additional information such as the gender and location of the user.

The database appears to be very old, but with over 400 mn exposed numbers, a lot of damage can be done.

Facebook has confirmed that the data is old and was scraped before Facebook clamped down on developer access to phone numbers and addresses several years ago following an understandably severe backlash from users.

For now, the server has been taken down by the server host. However, it's not clear exactly how long the database has been up and it may have been accessed by malicious groups the world over. There is also no information on the owner of the database and on how it was generated.

While the database is likely very old, Facebook's inability to contain and secure the data it harvests is almost comically absurd at this point.

Compromised users face additional risk of phishing attacks and SIM swap fraud. In the most recent, high-profile case of the latter, Twitter CEO Jack Dorsey's account was compromised for over 20 minutes.