It was revealed over the weekend that a huge data breach saw personal data leaked from Facebook, including phone numbers, full names, and dates of birth. There’s now a way for you to check if any of your personal data was compromised …
In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries. It was severely under-reported and today [January 14 2021], the database became much more worrisome.
Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts. This obviously has a huge impact on privacy.
Facebook confirmed the breach, but said that it actually took place in 2019, not 2020.
Business Insider verified some of the records.
Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users’ phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.
Was your personal data leaked from Facebook?
- Head to haveibeenpwned.com on your phone or desktop.
- Enter your email ID.
- If your email was compromised, you’ll get a warning to change the password and enable two-factor authentication. You can also scroll down on the page to see all the breaches that may have included your credentials tied to the email address you entered.
Right now, you can only search for your email address, but TNW says it’s possible the database will be expanded to allow phone number searches too.
As always, we recommend protecting your privacy by using a password manager for all the sites and services you use, and switching on two-factor authentication where supported. This blocks two of the most common forms of attack: dictionary attacks, where the hacker tries a variety of commonly used passwords; and trying credentials from one breached website on a bunch of others.
FTC: We use income earning auto affiliate links. More.