Have I Been Pwned adds search by phone number for data leaked from Facebook

Last weekend, the data of 533 313 128 Facebook users was published on the darknet, and Have I Been Pwned has now added the ability to search the leaked Facebook data by phone number.

This dump includes phone numbers, names, Facebook IDs, email addresses, location information, gender, date of birth, place of work, and other data that the social network profiles may have contained.

This leak differed from others in that it contained not only data from public profiles, but also the phone numbers associated with these accounts.

This information first appeared on the darknet back in the summer of 2020, when one of the forum members began selling Facebook user data, Bleeping Computer journalists note.

According to information security experts, back in 2019, cybercriminals exploited a vulnerability related to the Add a Friend function, which allowed them to gain access to phone numbers. This bug was fixed long ago.

Facebook representatives confirmed the leak, but said that “this is old data, which was previously reported in 2019.”

In a recent statement, the company says that the leak is not associated with any vulnerability or hacking, but with ordinary data scraping. That is, in 2019, scammers “who deliberately violate the platform’s policy” simply collected information from public user profiles by abusing contact import functions.

“We believe the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019. This feature was designed to help people easily find their friends to connect with on our services using their contact lists,” Facebook representatives reported.

The Have I Been Pwned leak aggregator has already added the leak to its database, so anyone can check whether they were affected. At first, checking was possible only by email address, but only 2.5 million of the 533 million records included an email address, so a search by email address most often yielded no results.

As a result, the founder of the resource, Troy Hunt, added the option to search HIBP by phone number, although this was a non-trivial task due to the different number formats. A phone number search is performed with the addition of a specific country and region code, as shown in the illustration below.

Have I Been Pwned

Let me remind you that the Italian company TG Soft has launched a Have I Been Emotet service (similar to the well-known Have I Been Pwned), which checks if a specific domain or email address was used as a sender or recipient in Emotet spam campaigns.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
