A recently-released tool allows people to check if their phone numbers appear in a Facebook data breach.
Information from more than 530 million people was leaked into an online database consisting primarily of contact information such as mobile phone numbers. Facebook alleged that the data came from an “old” breach in 2019 but that privacy watchdogs have already launched investigations.
Meanwhile, people can check if their numbers or emails were affected through an online tool called “Have I Been Pwned.”
Facebook claimed that it had “found and fixed” the breach more than a year and a half ago. However, the information has been available online since it was posted for free on a hacking forum.
Researchers analyzing the data revealed that the database covers 533 million people in more than 100 countries.
The hacked data includes 30 million Facebook users in the United States, 11 million British, and 7 million Australians. Troy Hunt, a security expert who runs HaveIBeenPwned, wrote in a blog on his website that not all data was available to every user and explained that the amount phone numbers is greater than the number of exposed emails.
He said that 500 million phone numbers were leaked but “only a few million email addresses.”
Mr. Hunt said he launched the phone number lookup feature after registering record-breaking traffic to the website shortly after news of the Facebook data breach broke. Previously, the website only allowed users to search for email addresses.
Now, people can enter their contact number in the site’s search box to confirm if it has appeared in the leaked database.
“I wanted to ensure Have I Been Pwned could answer that question for everyone, not just a tiny slice of people,” Mr. Hunt told the media, adding that Facebook’s CEO, Mark Zuckerberg, was a victim of the data leak.
Facebook began requesting phone numbers from users in 2011 for security reasons.
Both Facebook and Instagram, which is owned by the company, allow for two-factor authentication. This function sends a text message to the user’s mobile once a new login attempt in their account is registered.
But the tech giant has advised users of its platforms to verify what details they share publicly, updating their profile and privacy controls.