It kind of happened again.
Over the weekend, it was revealed that a huge data breach occurred at Facebook, the leak compromising various email addresses, phone numbers, full names, and dates of birth for more than 500 million accounts.
Per security firm, Hudson Rock, the breach occurred in January 2020, as noted here:
In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries. It was severely under-reported and today [January 14 2021], the database became much more worrisome.
Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts. This obviously has a huge impact on privacy.
Facebook confirmed the breach, but said that it actually took place in 2019, not 2020.
If you’re curious as to whether the hack affected you, you can do the following:
- Head to haveibeenpwned.com on your phone or desktop.
- Enter your email ID.
- If your email was compromised, you’ll get a warning to change the password and enable two-factor authentication. You can also scroll down on the page to see all the breaches that may have included your credentials tied to the email address you entered.
As of now, you can only search for your email address, albeit The Next Web has said it’s possible the database will be expanded to allow phone number searches too.
Once again, please be careful out there, consider using a secure password manager, and please switch on two-factor authentication where possible. This blocks two of the most common forms of attack: dictionary attacks, where the hacker tries a variety of commonly used passwords; and trying credentials from one breached website on a bunch of others.
Stay tuned for additional details as they become available.
Via 9to5Mac, haveibeenpwned.com, @UnderTheBreach, and The Next Web