Connect with us

Security

How to check if your Facebook data was included in the 533 million account leak

Another day, another data breach.

facebook logo with blurred facebook website in background
Image: KnowTechie

Over the weekend, a threat actor published the data of over 533 million Facebook users onto a publicly available cybercrime forum. That data includes names, user IDs, phone numbers, and in some cases, emails, supposedly all from a breach back in 2019.

That date might be in question, as Alon Gal, CEO of security firm Hudson Rock, says that it was early 2020 when a “vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries.” That database was then turned searchable by someone who created a Telegram bot that could query the database for “a low fee.” Yikes.

The Record also confirmed the data dumps, with user data being packaged on a per country basis, with 106 different packages. Those could be downloaded by anyone who purchased forum credits. Most records showed the phone number associated with Facebook, even if that number was private on their profile, which makes things more difficult to search. Some of the records also included the emails associated with the profiles, so you can search for that to see if your account is part of the breach.

Here’s how to check if your email was in the 500 million+ leaked Facebook accounts:

  1. Head on over to haveibeenpwned.com

  2. Put the email you use for your Facebook account into the search box

  3. Click on pwned?

  4. If your email was compromised in this Facebook data breach, you’ll get a suggestion to change your password and to enable two-factor authentication

  5. The search will also tell you any other breaches your email was found in, with suggestions on which services to go change your password on.

Troy Hunt, the founder of haveibeenpwned, is also considering adding the leaked phone numbers to the search box, so you can search via your Facebook-associated phone number.

If your Facebook email is part of that breach, go change your password. Then go here, and check to see if that password has been found in any other breaches. Any services you use that password on should be the first things you go change, and it’s a good time to get yourself a password manager so you can use unique passwords for every account.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Comments

More in Security