The developer of the Have I Been Pwned data breach notification site added a way to check if your phone number had been exposed in the recent data leak of Facebook user data.
Last weekend, a forum user named TomLiner put up for sale a huge database containing records for 533 million Facebook users. The dataset included phone numbers, Facebook IDs, names, gender, relationship status, location, occupation, date of birth, and email addresses.
This data was initially harvested in 2019 due to a flaw in Facebook’s Add Friend feature. It was sold privately at the time, but then it was traded multiple times between different threat actors until it was eventually posted for free on the hacker forum last Saturday.
Initially, the Have I Been Pwned service allowed users to input their emails to see whether their Facebook information leaked.
However, the most prevalent piece of data in this leak is a phone number. Therefore, users who previously searched for their emails on Have I Been Pwned should do so again using their phone numbers.
“There’s over 500M phone numbers but only a few million email addresses so >99% of people were getting a “miss” when they should have gotten a “hit”,” Have I Been Pwned creator Troy Hunt explained in a blog post.
According to Hunt, when searching for phone numbers, users must enter the number in the international format, with the country code, because this is how numbers are stored in the data leak. Additionally, the + symbol is optional and will be stripped when searching.
All Facebook users are encouraged to change their passwords, set up 2FA, and be on the lookout for scamming and phishing attempts.
Just yesterday, a user who is likely the same TomLiner scraped data from millions of LinkedIn profiles and put it up for sale. The massive database contains 500 million user records.