Update (06/04/2021 4.00 PM IST): HaveIBeenPwned has added a new search forphone numbers involved in this leak. You can use the same search box to search for your phone number with your country code as described below. You can find more detailshere.
Multiplereportsover the weekend confirmed that an attacker published details — including names, user IDs, phone numbers, and emails — of more than 533 million Facebook users on a forum.
Alon Gal, CEO of security firm Hudson Rock,tweetedabout the incident back in January, saying that the database came to the fore when a Telegram user made a bot that let users query the database for a fee.
Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.
This obviously has a huge impact on privacy.pic.twitter.com/lM1omndDET
— Alon Gal (Under the Breach) (@UnderTheBreach)January 14, 2021
Catalin Cimpanu of The Record also independently reported thatthe database was available in 106 different country-wise packages. While these files are publicly available, you’ll need to buy forum credits to download them.
While most records had phone numbers attached to them, multiple email IDs were also exposed. You can use haveibeenpwned, a website that loads email IDs that were exposed in various breaches, to check if your ID was affected.
Calling all Scaleup founders! Join the Soonicorn Summit on November 28 in Amsterdam.
Meet with the leaders of Picnic, Miro, Carbon Equity and more during this exclusive event dedicated to Scaleup Founders!
Here’s how you can do it:
The founder of the website is alsoconsidering loading the leaked phone numbersin the database. We’ll update the story if that happens.
It’s better to change your password as the first step. You can checkhereif any of your old passwords have been compromised — so you could avoid reusing them. Plus, you should start usinga password managerif you’re not doing it already.
Facebook told The Record that this data dump originated fromits 2019 breach, and the issue was fixed in August that year. Now that data is public, anyone could obtain it for a few bucks and target millions of individuals for spamming or doxxing.
Story byIvan Mehta
Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That’s one heck of a mixed bag. He likes to say “Bleh.“Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That’s one heck of a mixed bag. He likes to say “Bleh.”
Get the TNW newsletter
Get the most important tech news in your inbox each week.
