Get more Mail & Guardian
Subscribe or Login

Facebook users can use phone numbers to check if their data was breached

South Africans can use their phone numbers to see if their Facebook data has been breached. The platform Have I Been Pwned enables you to determine whether your data has been breached in the latest data scraping of more than 500-million Facebook users. 

The safety of one’s personal information on social media platforms has come under renewed scrutiny after data of more than 530-million Facebook users was made publicly available on an unsecured database. 

Facebook Inc. quickly responded with a statement assuring account holders that they have not been hacked, and that the incident dates back to 2019.

“It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019. Scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums,” the Facebook statement said.

But how do you know if your data had been scraped from Facebook in 2019 and now floats somewhere in cyberspace? The recent data leak of over half a billion accounts has only some two million email addresses attached to it. All the rest of the breached accounts have only been linked by their phone numbers. 

Since the inception of Have I Been Pwned in 2013, users could search across multiple data breaches to see if their data has been compromised. However this was only possible using your email address. 

Australian tech expert and creator of Have I Been Pwned, Troy Hunt, quickly jumped to solve this problem.

With the latest adjustments in the last few days, the platform now can verify whether you have been breached by using your phone number. The ability to use a phone number instead of only an email address provides a more accurate confirmation of whether an individuals’ data has been breached or not. However, this functionality is limited to only the recent Facebook breach and not other known breaches. 

It is unclear how many South Africans’ phone numbers and names were compromised in the Facebook data breach. This is because South Africa has been grouped with the entire African continent and not as an individual country.  

Hunt assures users it is not necessary to change any passwords, as no passwords have been compromised. 

According to Hunt, victims do not have to be worried, but rather be aware of especially spam and phishing attacks that might occur in the near future.

Phishing is a technique used by fraudsters to obtain private data by pretending to be a legitimate organisation such as a bank.

“For the vast majority of people, the risk is solely a matching of a phone number to a name. So what could go wrong? Well, the most likely scenarios are it might be used for spam, and phishing, and very generic phishing as well. What I mean by generic as opposed to targeted is that if you really want to find someone’s phone number, there are lots of ways to do it,” explains Hunt.

In the same breath, Hunt adds that even before the half-billion Facebook leaks, we were already subject to cyber attacks. “Even before the Facebook incident, I received a lot of spam and phishing attacks. We need to be aware that there’s more information out there circulating now. We will probably see more spam and more phishing attacks as a result,” says Hunt. 

To check whether your account was one of those breached, you can visit

Vote for an informed choice

We’re dropping the paywall this week so that everyone can access all our stories for free, and get the information they need in the run up to the local government elections. To follow the news, sign up to our daily elections newsletter for the latest updates and analysis.

If our coverage helps inform your decision, cast your vote for an informed public and join our subscriber community. Right now, a full year’s access is just R510, half the usual cost. Subscribers get access to all our best journalism, subscriber-only newsletters, events and a weekly cryptic crossword.

Eunice Stoltz
Eunice Stoltz is a junior daily news reporter at the Mail & Guardian. She was previously a freelance journalist and a broadcaster at Maroela Media and Smile90.4FM.

Related stories


Already a subscriber? Sign in here


Latest stories

Cliff and Steenhuisen are wrong. Here’s why race matters in...

Both the podcast host and the leader of the Democratic Alliance believe in a toothless non-racialism that ignores the historical foundation of racism and the pain it inflicts in the present

Mission implausible for the DA’s man in Nkandla

Malibongwe Dubazane is contesting all 14 of the IFP-run Nkandla local municipality’s wards

Andries Tatane’s spirit will drive fight against ANC in Ficksburg

The nascent Setsoto Service Delivery Forum is confident it can remove the ‘failing ANC’ in the chronically mismanaged Free State municipality

Paddy Harper: On gleeful politicians and headless chickens

Paddy Harper doesn’t know who to vote for yet, since the Dagga Party isn’t contesting his ward, but right now what to order for lunch is a more pressing concern

press releases

Loading latest Press Releases…