Security researcher Yaser Alosefer developed a new tool to help users to determine if their mobile numbers are included within the recent Facebook data leak that impacted 553 million users of the social networking giant.
The data of Facebook users from 106 countries are available for free, over 32 million records belonging to users from the US, 11 from the UK, and 6 million users from India. Leaked data includes users’ phone numbers, Facebook IDs, full names, locations, birthdates, bios, and for some accounts the associated email addresses.
Alosefer explained that the tool is ready and his researchers are adding new countries to the tool.
“I built the tool to help the end-users to identify if their private information has been leaked or no, it was a challenge as the dump is more than 30GB and has all kinds of private information for more than 553 million users.” Alosefer explained. “So I decided to develop this tool to allow the users to search by their mobile number only and get to know if their data have been leaked or no without exposed any other private information so it can not be used to harm anyone on the internet.”
Alosefer explained the leaked data could be exploited by threat actors to carry out a broad range of malicious activities.
“My recommendation for anyone found his mobile public is to ensure he enables the two-factor authentication in any app and service that uses his mobile such as Facebook, Whatsapp, Twitter, and if possible to change the mobile number linked to all his accounts as it will be the best option.” added the expert. “Finally, be careful of any attempts for Spear Phishing emails and SMS as it will grow more and more as the spammers have all the info they need to start targeting you.”
To determine if your data are included in the Facebook leak use the Cyber Leaks tool, within one hour the complete Facebook dump will be loaded in the service.
Popular researchers Troy Hunt also decided to implement the same search service inside its Have I Been Pwned data breach notification service:
“Another reason for pushing this feature out now is the sudden emergence of HIBP clones. I use this term endearingly; it’s flattering to see my project influence others 🙂 But I also have absolutely no idea how trustworthy any of the multiple variations I’ve seen pop up already are. So, to avoid any shadow of doubt, I wanted to make sure that if you’d like to know if you’ve been pwned in the Facebook data, you can ask HIBP regardless of whether it’s an email address or a phone number you’re interested in.” Hunt explained.
You can search your phone number on HIBP here:
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Facebook)
[adrotate banner=”5″]
[adrotate banner=”13″]