And now, more than two years after it was initially stolen and sold to the highest bidder, the records have been shared online for anyone to see. Given that most of us keep the same mobile number and email address for many years, it’s a little worrying that so much personal information is now available publicly.
Fortunately, Have I Been Pwned is now using the stolen data published for free on the hackers forum to enable Facebook users to check whether their records were included in the large-scale breach back in 2019. Have I Been Pwned, created by renown security researcher Troy Hunt, is usually a way to find out whether your password has been included in a leak online. Entering the password will search publicly-available stashes of stolen passwords. If your details have been nabbed by hackers, you’ll need to change them.
People who use the same email address-password combination for multiple online accounts are at a higher risk, since criminals can use the stolen login credentials from one website to login to another – allowing them access to your email, social media, or worst of all, online banking portal.
MORE LIKE THIS
Facebook warning: Why you might soon be forced to change your login
When searching for phone numbers, you’ll need to include the country code for your current location – as that is how the hackers have stored the stolen data leak. So, if you have a mobile number in the United States, you’ll need to start your number with the country code of 1. Those in the United Kingdom will need to use +44, before dropping the first 0 of their number – exactly as if they were dialling the number from abroad.
Since more than 500 million phone numbers were stolen, but only a few million email addresses, it’s worth searching for both on Have I Been Pwned. After all, just because your email address leaked does not mean your phone number did too, and vice versa.
These can include fraudulent links to try to trick you by asking for you to login to a well-known service – Netflix, Apple ID, or a Google Account, for example – or creating a reason for you to input payment details – an unforeseen charge for a missed delivery from the Post Office, to claim a free month of Netflix, and more.
As always, if you think you have been the victim of a cyber attack, read Express.co.uk’s guide to the next steps to take here.