More Than Half a Billion Facebook Users' Phone Numbers and Personal Data Have Been Leaked Online

  • The personal data of 533 million Facebook users were posted in a hacking forum.

  • It includes phone numbers, full names, locations, email addresses, and biographical information.

  • Security researchers say hackers could use the data to impersonate people and commit fraud.

On April 3rd, a user in a low-level hacking forum published the phone numbers and personal data of 533 million Facebook users for free.

The exposed data includes the personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in Malaysia, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birth dates, bios, and, in some cases, email addresses.

A database of this size, containing private information such as the phone numbers of so many Facebook users, would certainly lead to bad actors using the data for social-engineering attacks or hacking attempts.

How do I know if my information was in the leak?

There are 3 ways to find out if your data is in the leak:

  1. Visit Haveibeenpwned.com, a trusted site that tracks data breaches. Simply enter your email address, and the site will tell you if the address was in the database, an indicator that your Facebook account was targeted.

  2. Another site called Haveibeenzucked.com allows you to enter your phone number, Facebook ID, full name, and email to check whether your account was affected. However, this is not a trusted site, and you will have to trust that it is not secretly logging your data.

  3. FOR EXPERIENCED USERS: Try downloading the database yourself. The 20GB archive has already been freely circulating on the internet via a torrent.

What do I do if my information is leaked?

If your account was compromised, immediately change your password and other security details. For any services that use a similar or identical email or password, change them promptly.

If your phone number is in the leak, make a list of the services you subscribe to or registered for using that phone number. Be cautious when receiving any call from these services for the foreseeable future, as the information obtained by hackers or third parties through the leak can be used to social-engineer a scam or attack on you.

Also, if possible, change the security or recovery questions of any online accounts where they were similar to those on your Facebook account.

If your data is not on the list of the leaked information, you are safe for now, but it is a good idea to regularly change your password and keep an eye on other security risks to stay safe. If Two-Factor Authentication (2FA) was not previously enabled, it is prudent to enable it as soon as possible. To turn on or manage two-factor authentication:

  • Go to your Security and Login Settings.

  • Scroll down to Use two-factor authentication and click Edit.

  • Choose the security method you want to add and follow the on-screen instructions or simply visit https://www.youtube.com/watch?v=YMs53JKVLiw for a step-by-step video demonstration.

  • Using an authentication app such as Google Authenticator, Microsoft Authenticator, or Authy is recommended instead of SMS. We will explain this in a separate article.
