Facebook users can now use the Have I Been Pwned data breach notification site to check if their phone number was exposed in the social site’s recent data leak.
Last weekend, a threat actor released a data leak containing information for 533 million Facebook users. This information includes phone numbers and Facebook IDs for almost all exposed accounts and other optional information such as a member’s name, gender, relationship status, location, occupation, date of birth, and email address.
This data was initially collected in 2019 and sold privately at the time. Over time, the data was traded and sold between different threat actors for lower and lower prices until it was eventually released for free on the hacker forum this weekend.
When it was released, the data was added to the Have I Been Pwned data breach notification service so that users can look up whether their emails were in the Facebook data leak.
However, this leak’s main component is a Facebook user’s phone number, rather than an email address, and thus Have I Been Pwned could not accurately alert a user if they were exposed in the breach.
“There’s over 500M phone numbers but only a few million email addresses so >99% of people were getting a “miss” when they should have gotten a “hit”,” Have I Been Pwned creator Troy Hunt explained in a blog post.
To more accurately alert users, Hunt has updated Have I Been Pwned so that users can now search for their phone numbers on the site to determine if the leak exposed their Facebook info.
When searching for phone numbers, users must include their country code as that is how the data leak stored the number.
For example, in the sample of exposed New York users below, the phone numbers start with the country code of 1, followed by the person’s full number.
For example, if you wanted to check if your phone number was part of the Facebook data leak, you would need to use a search in the format ‘19175555555.’ If you are in the UK, you would need to include your country code as well, so a searchable phone number format would be ‘+442071838750.’
Hunt states that the + symbol is optional and will be stripped when searching, as shown below.
With this new feature added, Have I Been Pwned has become a valuable tool for Facebook members to determine if the data leak exposed their data.
Unfortunately, when data leaks such as this one are released, it is common for other threat actors to use this information in their own attacks.
If your data was exposed, you should be on the lookout for Facebook phishing emails or smishing (phishing texts) attacks that attempt to harvest more information from you.