Earlier this week, details of 533 million Facebook accounts were leaked online, including phone numbers, dates of birth, full names, email addresses and more.
The leaked data includes information that users posted on their public profiles, as well as information that is not public. According to The Record, the leak dates from a breach that occurred in 2019. The attacker abused a vulnerability in Facebook’s contact import feature and automated data collection until Facebook detected and cut off the attacker’s access in August 2019. Although the breach is old, the leak resurfaced in the news this week because the data is now widely disseminated on cybercrime forums.
An easy way to check whether your information has been leaked is to visit Have I Been Pwned. The tool will tell you whether any of your data has been compromised, based on your email address and, now, your phone number.
Should FB phone numbers be found in @haveibeenpwned? I’m thinking about the pros and cons in terms of the value it adds to impacted people versus the risk presented if used to help solve numbers in identities (you would still need the source data to do that).
– Troy Hunt (@troyhunt) April 4, 2021
Troy Hunt, who created Have I Been Pwned, said Facebook users can search using their email address or phone number. Searching by phone number carries its own set of privacy risks, but Hunt decided that, ultimately, it is a valuable service.
“There are over 500 million phone numbers, but only a few million email addresses, so >99% of people were getting an ‘error’ when they should have received a ‘hit,’” Hunt said. “The phone numbers were easy to parse from (mostly) well-formatted files. They were also normalized (sp) in a nice and consistent format with a country code. In short, this dataset completely changed all my reasons for not doing this.”
Hunt explained that the ability to search by phone number is unique to this Facebook data breach and will not become the norm in the future. That is, unless Hunt sees a similar value proposition.
“I’m not going to go back to tracing big data from previous breaches and analyzing the phone number,” Hunt said. “But if the Facebook situation repeats itself in the future, I will be well positioned to upload the data.”
If your email address does not produce any results, you can enter your phone number, starting with your country calling code. In North America, phone numbers start with 1; in Australia, the code is 61; and in the UK, it is 44. Hunt shared the chart below if you are a more visual learner.
Image via Troy Hunt
If you discover that your data has been leaked, it is essential that you take immediate precautions. Since passwords weren’t part of the Facebook breach, but phone numbers and other identifying information were, watch out for a wave of spam, phishing, and harassment attempts. You should also consider using a password manager if you haven’t already. Password managers help create and manage your passwords and can also create unique passcodes to use for two-factor authentication. I have used 1Password for several years, but there are many other options available.