Security researcher Yaser Alosefer developed a new tool to help users to determine if their mobile numbers are included within the recent Facebook data leak that impacted 553 million users of the social networking giant.
The data of Facebook users from 106 countries are available for free, over 32 million records belonging to users from the US, 11 from the UK, and 6 million users from India. Leaked data includes users’ phone numbers, Facebook IDs, full names, locations, birthdates, bios, and for some accounts the associated email addresses.
Alosefer explained that the tool is ready and his researchers are adding new countries to the tool.
“I built the tool to help the end-users to identify if their private information has been leaked or no, it was a challenge as the dump is more than 30GB and has all kinds of private information for more than 553 million users.” Alosefer explained. “So I decided to develop this tool to allow the users to search by their mobile number only and get to know if their data have been leaked or no without exposed any other private information so it can not be used to harm anyone on the internet.”
Alosefer explained the leaked data could be exploited by threat actors to carry out a broad range of malicious activities.
“My recommendation for anyone found his mobile public is to ensure he enables the two-factor authentication in any app and service that uses his mobile such as Facebook, Whatsapp, Twitter, and if possible to change the mobile number linked to all his accounts as it will be the best option.” added the expert. “Finally, be careful of any attempts for Spear Phishing emails and SMS as it will grow more and more as the spammers have all the info they need to start targeting you.”
To determine if your data are included in the Facebook leak use the Cyber Leaks tool, within one hour the complete Facebook dump will be loaded in the service.
Popular researchers Troy Hunt also decided to implement the same search service inside its Have I Been Pwned data breach notification service:
“Another reason for pushing this feature out now is the sudden emergence of HIBP clones. I use this term endearingly; it’s flattering to see my project influence others 🙂 But I also have absolutely no idea how trustworthy any of the multiple variations I’ve seen pop up already are. So, to avoid any shadow of doubt, I wanted to make sure that if you’d like to know if you’ve been pwned in the Facebook data, you can ask HIBP regardless of whether it’s an email address or a phone number you’re interested in.” Hunt explained.
You can search your phone number on HIBP here:
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, Facebook)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.