Main Menu

Search

Try searching for

Identity theft

Social security protection

Credit monitoring

Reputation management

Blog > Data Breach > Did Facebook’s Massive Data Leak Include Your Phone Number?
 April 20, 2021

Did Facebook’s Massive Data Leak Include Your Phone Number?

Half a Billion Facebook User Files Spilled Online

Over 500 million Facebook (FB) user files appeared on a popular hacker web forum over the weekend, causing an uproar and making headlines worldwide. News of the download spread at light speed in part because the data was downloadable for a mere $2 fee.

A mind-boggling 533 million individuals from over 105 countries could now be at increased risk for spamming, smishing, phishing, scamming and ultimately identity theft.

Ask Yourself

Potential victims of any data breach initially want to know what data the hackers compromised. This leak of personally identifiable information (PII) for customers contains full names, addresses, phone numbers, dates of birth, FB biographies, and some email details. The data dump also includes marital status, occupation, employer and FB ID numbers for millions.

To date, countries hardest hit in terms of total files compromised include Italy and Egypt; the U.S. sits in the fourth position with over 32 million files compromised.

Was it Me?

Next, individuals wonder whether their info was part of the theft. Here’s where it gets challenging–finding out whether your data was involved. Right now, that might be a tricky question to answer. The fastest (and safest) way to check is to visit haveibeenpwned.com. “Pwned” is a coder term for being hacked, and this website’s the brainchild of independent Australian security researcher Troy Hunt.

It can reveal whether your email is part of the data find but that won’t notify everyone. When Hunt uploaded the new data specs on Sunday, he wrote, “The primary value of the data is the association of phone numbers to identities; whilst each record included phone, only 2.5 million contained an email address.”

Hunt added that he noted relationship status in some files, and he’s seen the complete data set popping up on social media everywhere.

Hunt’s data breach repository just added a search function to determine whether phone numbers were compromised. It has always allowed checks on email addresses or passwords that could be exposed. Since only 2.5 million email addresses reside in the leaked files, Hunt weighted the consequences of adding phone digit search in response to demand. That feature went live April 6th.

New or Resurrected Data Breach?

Facebook wants your mobile number to verify accounts or your identity if you misplace a password and cannot log in. Some users might find it convenient–until a breach like this hits the internet.

This isn’t Facebook’s first rodeo. There’s the notorious 2018 Cambridge Analytics/Facebook arrangement that tapped user “likes” to determine their political leanings. Other breaches have involved cloud server buckets left unsecured. In August 2019, the company announced it had fixed a bug connected to the “Add Friend” feature.

This Friend bug reportedly leaked an estimated 540 million files, and some security researchers believe that it provided the foundation for these new downloads. It’s not unheard of for hackers to first offer a data trove like this one for thousands of dollars, then eventually expose the data online at no charge.

FB has reportedly confirmed to some media that the 533+ million files leaked on August 3, 2021, is from the older data breach the company remedied, but that’s small comfort for the victims. However, if true, it does mean that data from this group of victims was already in limited circulation for several years.

Most Likely Attack Paths

Scammers utilize this data in multiple ways, but phishing or smishing (phishing by text) will top the list. That means you’ll receive texts or calls on mobile devices.

The emails compromised will also lead to phishing, social engineering or data seeking, but they represent less than .05% of the complete download. FB currently boasts over three million users.

A risk of cell phone compromise also exists if your apps require 2 Factor Authorization, known as 2FA or MFA. This can lead to SIM card compromises and significant smartphone issues, including takeovers.

What’s still unknown is other methods that would utilize this exposed data. When’s the last time you began to create a new online account, and the site prompted you to log in via your Facebook or Google account? If Facebook ID numbers were compromised as reported, it’s time to change your FB passcode to prevent any misuse on sites where you have credit card data stored. Ditto if you use FB pay or Google Pay.

Shield Yourself

IDShield’s plans monitor many key data points, including phone numbers, email addresses, home locations, and more. Our goal is to alert you to any breaches involving your data to help you take proactive steps fast.

It is possible to remove your cell number from FB’s files if you’re one of the users who didn’t want to share their numbers but surrendered the details to avoid the constant pop-up reminders.

Is it any consolation to victims that FB’s leader, Mark Zuckerberg, also had his cell number exposed in this leak? That’s debatable, but exposed users would probably love it to send him their thoughts on this latest FB data exposure.

LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage, and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.

ESS

Related Post

Graduates Prime Targets For Theft After Breach

Graduates Prime Targets For Theft After Breach

Amidst all the cards, balloons and congratulations, recent high school and college graduates received another present—the breach of credit card data used to order their caps and gowns. Supplier Herff Jones discovered the violation in mid-May as graduates flocked to...

Data Brokers: Who’s Tracking You?

Data Brokers: Who’s Tracking You?

Hackers Know All About You You already know how data breaches occur. Maybe you're fluent in the ways exposed information travels across the internet. Perhaps you even know all about the Dark Web, that uncharted segment of the internet where illegal transactions occur....

There Are 3 Major Data Breach Risks Lurking in Your Home

There Are 3 Major Data Breach Risks Lurking in Your Home

How to Keep Your Private Data Secure at Home After a busy day of work or play, many of us slip into downtime mode by logging onto the internet. You may be aware that your smart devices could be spying on you, but how often do you contemplate the security of your home...