

How to check if your Facebook data was included in the 533 million account leak

Another day, another data breach.


Over the weekend, a threat actor published the data of over 533 million Facebook users onto a publicly available cybercrime forum. That data includes names, user IDs, phone numbers, and in some cases, emails, supposedly all from a breach back in 2019.

That date might be in question, as Alon Gal, CEO of security firm Hudson Rock, says that it was early 2020 when a “vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries.” Someone then made that database searchable by creating a Telegram bot that could query it for “a low fee.” Yikes.


The Record also confirmed the data dumps, with user data packaged on a per-country basis into 106 different packages. Those could be downloaded by anyone who purchased forum credits. Most records showed the phone number associated with the Facebook account, even if that number was private on the user's profile, which makes things more difficult to search. Some of the records also included the emails associated with the profiles, so you can search for your email to see if your account is part of the breach.

1. Head on over to haveibeenpwned.com
2. Put the email you use for your Facebook account into the search box
3. Click on pwned?
4. If your email was compromised in this Facebook data breach, you’ll get a suggestion to change your password and to enable two-factor authentication
5. The search will also tell you any other breaches your email was found in, with suggestions on which services to go change your password on.

Troy Hunt, the founder of haveibeenpwned, is also considering adding the leaked phone numbers to the search box, so you can search via your Facebook-associated phone number.

If your Facebook email is part of that breach, go change your password. Then go here, and check to see if that password has been found in any other breaches. Any services you use that password on should be the first things you go change, and it’s a good time to get yourself a password manager so you can use unique passwords for every account.


Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience at KnowTechie, SlashGear and XDA Developers. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere, with particular focus in gadgetry and handheld gaming. Shoot him an email at joe@knowtechie.com.
