How to check if hackers are sharing your Facebook data

Share this storyShare on Facebook
Tweet about this on Twitter
Share on LinkedIn

At this point, there’s a good chance your Facebook data has been hacked, sold, leaked, or generally misused by third parties.

Now, at least in the case of the latest troubling Facebook-related incident which made the news over the weekend, there’s a way to know for sure. 

On Tuesday, Have I Been Pwned?, a “free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised,” announced it had added to its searchable database the 533 million Facebook users’ phone numbers that are being swapped around by hackers.

The site, run by data breach expert Troy Hunt, lets people input their phone number to check if they’re included in the scraped Facebook data set (which includes more than just phone numbers). If so, the site tells victims what was likely exposed, and what steps they can take to protect themselves. 

“The primary value of the data is the association of phone numbers to identities; whilst each record included phone, only 2.5 million contained an email address,” explains Have I Been Pwned? “Most records contained names and genders with many also including dates of birth, location, relationship status and employer.”

On Sunday, Facebook said in a statement to Mashable that this “is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”

The company also published a blog post on Tuesday, which explained that the user data in question was scraped off its platform. “Scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this,” read the statement in part. 

Of course, not all of the information included in this data set — which Bleeping Computer, an information security and tech news site, reports includes “member’s mobile number, Facebook ID, name, gender, location, relationship status, occupation, date of birth, and email addresses  — might be considered “public.”

If you do find that your Facebook data was scraped by bad actors, there’s unfortunately not a lot you can do at this point. As Eva Galperin, the Electronic Frontier Foundation’s director of cybersecurity, noted Monday, you can’t really change things like birthdays and phone numbers often remain static for years. 

Thankfully for users whose personal information is now being passed out free of charge by hackers, the website Have I Been Pwned? is a bit more responsive.