Server lacked password protection and included multiple databases with records from U.S., U.K. and Vietnam. Each record contained both the ID and phone number listed on account of a unique Facebook user. Facebook has restricted access to user phone numbers for more than a year as a part of an effort to improve data practices. Security experts warned users to think hard before giving their phone numbers to social networks because more often than not, that number is for business rather than altruistic purposes.
Source: https://threatpost.com/leaky-server-exposes-419m-phone-numbers-of-facebook-users/148029/