Phone numbers for as many as 419 million Facebook users were reportedly found sitting online in a file where anybody could have found them

Authored by businessinsider.de and submitted by MrRayAnders

Phone numbers linked to over 400 million Facebook accounts were recently found on an online server that was not password protected, according to a TechCrunch report on Wednesday.

That information, according to the report, included users' Facebook IDs (which are a string of numbers used by the company to uniquely identify an account) and the associated phone number for each account.

Some records also included the user's name, gender, and country in which they resided.

The issue, a Facebook spokesperson told Business Insider on Wednesday, stems from a feature that has since been shut down, which allowed users to search for friends by their phone numbers. Third parties could have used that feature to harvest the information.

The databases have since been pulled offline after the web host was contacted, TechCrunch said.

Phone numbers linked to as many as 419 million Facebook accounts were recently found on an online server that was not protected by a password, according to a TechCrunch report on Wednesday.

Facebook told Business Insider that there's no evidence that any users had their accounts compromised, and that the number of affected users was likely around half of what TechCrunch reported, as its team analyzed the dataset and found duplicate records. Facebook would not put an exact number to the users it estimated to be impacted by the exposure, but half of the reported number would be around 200 million users.

The database was brought to TechCrunch's attention by a security researcher, who discovered the information sitting in plaintext — meaning, it wasn't encrypted at all. This information appears to have been gathered by a third party, who left it exposed to the internet. The database was taken offline after the web host was contacted, TechCrunch said.

The information in question, according to the report, included users' Facebook IDs — which are a string of numbers used by the company to uniquely identify an account — and the associated phone number for each account. Some records are said to have included the user's name, gender, and country in which they resided.

TechCrunch reported that 133 million of the 419 million records discovered on the server were associated with American users.

The issue, a Facebook spokesperson told Business Insider on Wednesday, stems from a feature that has since been shut down, which allowed users to search for friends by their phone numbers. Facebook said malicious actors were able to use this feature to scrape information, including phone numbers, from users' accounts.

Facebook shut down the ability to search for friends by phone number in April 2018.

"This dataset is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers," a Facebook spokesperson told Business Insider. "The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised. The underlying issue was addressed as part of a Newsroom post on April 4th 2018 by Facebook's Chief Technology Officer."

The finding is the latest example of data protection issues surrounding the social networking giant. Just last month, Business Insider's Rob Price reported that Facebook was launching a review over hundreds of marketing and advertising firms amid indications of widespread misuse of Instagram user data, including data scraping of users' public data without their consent.

jvaughn24 on September 5th, 2019 at 12:14 UTC »

I still have to click that stupid “not now” button to add my phone number every time I log on.

--stormpie-- on September 5th, 2019 at 10:25 UTC »

I love that Facebook's response is "oh well it's from an old feature we shut down last year"

The info is still out there you fucking colossal dip shits

Edit: my first award, thank you anonymous stranger :)

Edit 2: GOLD! Thank you!

slckrpunk on September 5th, 2019 at 10:09 UTC »

$5 fine should be enough.