A security researcher discovered an exposed server that contained several databases of information on over 419 million Facebook accounts, Tech Crunch reported. Predominantly listing users’ phone numbers and Facebook IDs, the server also exposed other bits of data such as gender, country, and full name for certain users. Sources say 133 million of the breached records pertain to U.S.-based Facebook users, while the rest expose accounts in the U.K. and Vietnam. Facebook made a policy change last year that disabled the feature allowing users to find each other using phone numbers, leading a Facebook spokesperson to deduce that the data on the exposed server is at least a year old. In the wrong hands, the leaked data could put users at risk of spam calls and SIM-swapping attacks. There is no evidence yet, however, that any user has been impacted by the breach. Avast Security Evangelist Luis Corrons expects that Facebook will release more news about the server once the company conducts an internal investigation. “It seems clear,” he added, “that the less personal data users add to their Facebook profile, the better, as sooner or later that data will be compromised.”