It was revealed over the weekend that a huge data breach saw personal data leaked from Facebook, including phone numbers, full names, and dates of birth. There’s now a way for you to check if any of your personal data was compromised …
Background
Although it has just made the news now, the breach occurred much earlier, as tweeted back in January of this year by security firm Hudson Rock.
Facebook confirmed the breach, but said that it actually took place in 2019, not 2020.
In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries. It was severely under-reported and today [January 14 2021], the database became much more worrisome.
Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts. This obviously has a huge impact on privacy.
Business Insider verified some of the records.
Was your personal data leaked from Facebook?
TNW reports that haveibeenpwned.com now has a copy of the data, allowing you to check whether your data was exposed.
Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users’ phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.
- Head to haveibeenpwned.com on your phone or desktop.
- Enter your email ID.
- If your email was compromised, you’ll get a warning to change the password and enable two-factor authentication. You can also scroll down on the page to see all the breaches that may have included your credentials tied to the email address you entered.
Right now, you can only search for your email address, but TNW says it’s possible the database will be expanded to allow phone number searches too.
As always, we recommend protecting your privacy by using a password manager for all the sites and services you use, and switching on two-factor authentication where supported. This blocks two of the most common forms of attack: dictionary attacks, where the hacker tries a variety of commonly used passwords; and trying credentials from one breached website on a bunch of others.