/ 9 April 2021

Facebook users can use phone numbers to check if their data was breached

Social Media Data Security
Prying eyes: Facebook users can check if personal data was breached by using their phone number. Data from more than 530-million accounts was leaked from the social platform. Photo: Jaap Arriens/NurPhoto/ AFP

South Africans can use their phone numbers to see if their Facebook data has been breached. The platform Have I Been Pwned enables you to determine whether your data has been breached in the latest data scraping of more than 500-million Facebook users. 

The safety of one’s personal information on social media platforms has come under renewed scrutiny after data of more than 530-million Facebook users was made publicly available on an unsecured database. 

Facebook Inc. quickly responded with a statement assuring account holders that they have not been hacked, and that the incident dates back to 2019.

“It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019. Scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums,” the Facebook statement said.

But how do you know if your data had been scraped from Facebook in 2019 and now floats somewhere in cyberspace? The recent data leak of over half a billion accounts has only some two million email addresses attached to it. All the rest of the breached accounts have only been linked by their phone numbers. 

Since the inception of Have I Been Pwned in 2013, users could search across multiple data breaches to see if their data has been compromised. However this was only possible using your email address. 

Australian tech expert and creator of Have I Been Pwned, Troy Hunt, quickly jumped to solve this problem.

With the latest adjustments in the last few days, the platform now can verify whether you have been breached by using your phone number. The ability to use a phone number instead of only an email address provides a more accurate confirmation of whether an individuals’ data has been breached or not. However, this functionality is limited to only the recent Facebook breach and not other known breaches. 

It is unclear how many South Africans’ phone numbers and names were compromised in the Facebook data breach. This is because South Africa has been grouped with the entire African continent and not as an individual country.  

Hunt assures users it is not necessary to change any passwords, as no passwords have been compromised. 

According to Hunt, victims do not have to be worried, but rather be aware of especially spam and phishing attacks that might occur in the near future.

Phishing is a technique used by fraudsters to obtain private data by pretending to be a legitimate organisation such as a bank.

“For the vast majority of people, the risk is solely a matching of a phone number to a name. So what could go wrong? Well, the most likely scenarios are it might be used for spam, and phishing, and very generic phishing as well. What I mean by generic as opposed to targeted is that if you really want to find someone’s phone number, there are lots of ways to do it,” explains Hunt.

In the same breath, Hunt adds that even before the half-billion Facebook leaks, we were already subject to cyber attacks. “Even before the Facebook incident, I received a lot of spam and phishing attacks. We need to be aware that there’s more information out there circulating now. We will probably see more spam and more phishing attacks as a result,” says Hunt. 

To check whether your account was one of those breached, you can visit haveibeenpwned.com.