Details of more than 500 million Facebook users were leaked this week – and now you can see if you’re among them.
Security researchers have created a searchable database where you can enter your phone number to see if it was included in the breach.
Hosted on the website Have I Been Pwned, the tool also hosts leaked personal information from other large data hacks, and is widely respected in the cybersecurity community.
Facebook claims the data is from an ‘old’ 2019 data breach, but privacy watchdogs around the world are now looking into the matter.
What data was leaked?
The data is from 2019 – at the time, Facebook claimed it had ‘found and fixed’ the source of the breach.
But the leaked information has recently begun circulating on hacking forums, allowing anyone to look through the data.
The leaked information contains the information of 533 million people from 106 different countries, including 11 million users in the UK, according to a researcher analysis.
While not every user’s email address has been leaked, there appear to be more than 500 million phone numbers in the database.
Privacy watchdogs from Ireland, the Phillippines and Hong Kong are already looking into the breach to establish the extent of the leak and whether it contains additional information to the 2019 breach.
Who is in the data?
The database, made by security researcher Troy Hunt, is only searchable by phone numbers a user puts in – you can’t scan the database looking for new information.
However, the breach is one of the largest known data leaks on record.
As well as users from the UK, US and Australia, top executives have been rumoured to be featured in the data, including Facebook chief Mark Zuckerberg himself.
‘This is the number associated with his account from the recent Facebook leak,’ security expert Dave Walker tweeted, with a picture of Zuckerberg’s alleged leaked phone number.
Walker also discovered that the number associated with Zuckerberg’s account had signed up for a Signal account – a messaging app that uses end-to-end encryption and a competitor to Facebook-owned WhatsApp.
A large percentage of Facebook’s users entered their phone numbers to the service after Facebook began requesting the personal data in 2011, claiming it was for security purposes.
A Facebook spokesperson said the data was taken from the platform due to a vulnerability which was then patched in August 2019.
This means the information is a couple of years old.
However, it could still be used by cybercriminals to impersonate people or scam them into handing over their up-to-date login credentials.
Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, said the data had also previously surfaced in January, with a user in the same hacking forum advertising the information via an automated bot in exchange for money.
Mr Gal said Facebook users should be alert to ‘social engineering attacks’ by people who have their information in the coming months.
He said: ‘Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect.
‘Users having their personal information leaked is a huge breach of trust and should be handled accordingly.’
MORE : Phone numbers and personal data leaked from 500,000,000 Facebook accounts
MORE : New regulator to tackle dominance of Facebook, Google and Amazon
