Did a Facebook security breach lead to my phone number being published?

It was revealed a few days ago that a huge amount of Facebook user data had been leaked online, with over 500 million accounts affected. This is estimated to account for around 20% of all Facebook users [1]. This includes more than 1.5 million Swiss accounts [2].

Where did my data come from?

It remains unclear where the leaked data came from. Experts in the cyber security community believe that the leak resulted from an attack that took place as early as 2019 or 2020.


Phone numbers – a prized asset

It is common for sets of user data to be sold for high prices on hacker forums. The value of the data usually lies in the email addresses, which the buyer can use to send spam messages to unwitting victims.

In this case, however, it is the mass of leaked phone numbers that is of most value. Phone numbers are even more valuable for malicious purposes. In most cases, a phone number is harder to replace than an email address. Cold calls are also harder to block, and therefore much more of a nuisance, than spam emails.

Was my phone number leaked too?

Troy Hunt is a well-known security expert who has been running the website haveibeenpwned.com for several years. He collects and catalogues data from security leaks without making their contents accessible to the public.

The idea of his service is to allow users to find out whether their data has been leaked. They simply have to enter their email address or phone number on the aforementioned website, and then they can see whether this information is in Troy’s database of leaked data.

Security notice: Before entering personal details such as your email address or phone number on a website, you should always think critically about whether the website is trustworthy.

Troy Hunt’s above-mentioned service is highly regarded in the security world and classified as trustworthy. Database queries are not saved or logged. However, it’s entirely up to you whether you want to use the service.

My data has been leaked. What now?

The following basic principles can be applied to all accounts:

  • Never use the same password for multiple accounts.
  • If an email address is found in the database, change the password of the relevant account immediately. If you use the same password for other accounts, change it for those too.
  • Be critical of requests made by email or text message. Leaked data from security breaches is often used for phishing attacks.
  • Use a password manager such as 1Password or Bitwarden. This allows you to have a unique, secure password for each of your accounts.
  • Like many other internet services, Facebook is not renowned for its privacy and data security. It’s always worth asking yourself: do I really need this service or can I do without it?

Novaloop Consulting

We also offer consultation about security.