Over 533 million Facebook users’ phone numbers and personal data were recently leaked online, published for free on a widely-used hacking forum.
The affected users are spread across 106 countries, and the disclosed data includes phone numbers, full names, dates of birth, Facebook IDs, bios, and email addresses.
So what actually happened in this Facebook data leak? How can you find out if your Facebook account has been affected? And if so, what can you do about it?
Facebook Phone Number Leak: What Really Happened?
According to a Facebook spokesperson, the data was not obtained through a hack; it was scraped by exploiting a vulnerability that has since been patched.
Back in 2018, unknown entities accessed around 50 million Facebook accounts by simply exploiting a vulnerability in the site’s code. That same year, another bug was found to provide third-party apps illegal access to photos which they didn’t have permission to view.
Alon Gal, the chief technology officer of the cybercrime intelligence firm Hudson Rock, who discovered the leaked data, paints a gloomy picture in which this data breach could lead to other threats. Gal says:
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social-engineering attacks [or] hacking attempts”.
How to Find Out if Your Phone Number Was Leaked
If you are itching to find out whether your phone number was part of the breach, here are two ways to uncover the truth:
1. Enter Your Phone Number in the News Each Day Tool
A simple tool offered on the website, The News Each Day, lets anyone enter their phone number to find out if it was part of the breach.
To make the tool work, you should enter your phone number without any periods or hyphens. An international country code is also required at the beginning of the number.
2. Use the HaveIBeenPwned Tool
If you are hesitant to input your phone number on a website that is not widely known, then your best bet would be to access HaveIBeenPwned. The company recently updated its database to add this Facebook data breach.
Simply access the site and enter the email address that you use for your Facebook account. The tool will tell you if your account is part of the Facebook breach and what personal information was compromised, if any.
As an added bonus, the tool also tells you if your email address is part of any other data breaches listed in its database.
Can You Trust Sites With Your Phone Number?
When trying to identify data breaches, anyone claiming to be your friend can often be your enemy. Many websites claim to check whether your phone number is part of the breach, but in reality, they are phishing sites looking to grab your sensitive data.
Be very cautious when entering your phone number on random websites, and do not disclose any information without doing thorough research on the tools and websites that you are going to use.
How to Keep Your Personal Data Protected
By employing the following tactics, you can keep your personal data protected.
Change Your Passwords
Changing your passwords is the first logical thing to do if you suspect your phone number was part of the breach. Passwords should always be changed periodically to reduce the chances of attack.
The US National Institute of Standards and Technology (NIST) recommends using long passphrases that are easy to remember but difficult to guess. Strong passwords are at least eight characters in length and include a combination of uppercase and lowercase letters along with symbols.
Monitor Your Credit File
If your phone number was actually a part of the Facebook breach (or any data breach for that matter), then investing in a credit monitoring service is well worth the effort.
Not all data breaches lead to identity theft, but any victim of a data breach faces a lifelong risk. The best way to protect your identity is to freeze your credit and also add a free credit monitoring service.
A credit monitoring service doesn’t only watch your credit reports but also alerts you when changes happen. As an example, if someone tries to open a bank account under your name, you will find out instantly as opposed to waiting for greater damage to ensue.
Enable Multi-Factor Authentication On Social Media Accounts
Multi-Factor Authentication (MFA) grants access to a user only after they have successfully presented two or more pieces of evidence. By providing an extra set of credentials instead of just one password, MFA offers an added layer of security and helps avoid data breaches.
An example would be online banking from your computer with MFA enabled. Once you enter your login credentials to the bank website, a one-time-password (OTP) code will be sent to another pre-authenticated device like your cell phone. To gain access, you would need to enter that code into the bank’s website.
You can always use time-restricted OTPs from an MFA tool such as Google Authenticator.
Get Fraud Identification From Your Mobile Provider
You could become a victim of cell phone fraud if your account or phone number was part of the breach.
Many cell phone providers offer fraud identification services. If you suspect that your phone number was part of the data breach, call your mobile provider’s fraud department and they should be able to assist.
Avoid Using the Same Email/Password Combinations
People who use the same email address-password combination for multiple online accounts are at a higher risk.
Criminals can use the stolen login credentials from one website to log into another—allowing them access to your email, social media, or worst of all, online banking portal.
Facebook Mobile and Online Users: Stay Vigilant
The Facebook leak was not the first time that a massive data breach occurred. And it will certainly not be the last. While half a billion Facebook accounts and phone numbers were exposed, there is a lesson to be learned from all of this: we need to be more vigilant about our online accounts.
Data breaches can alter the life of an individual or business significantly and have huge implications. Fortunately, developing effective passwords, rotating them regularly, using separate passwords for different accounts, and enabling MFA are some of the many things we can do to protect our sensitive data.
The actual leak first took place last year, but someone just put all the records up online at no cost.