Phone numbers belonging to up to 11 million people in the UK have been posted online, prompting concern from onlookers.
People can now check whether their phone numbers are among the data stolen from more than 500 million Facebook users – including 11 million from the UK – and leaked online.
Facebook has confirmed that the data is related to a historic breach related to a technical flaw the company “found and fixed” in August 2019, although privacy regulators are now asking additional questions.
Searchers should include the country code with their query, so in the UK it would begin 4479… and so on.
Troy Hunt, the security researcher who runs the service, says he has seen “near-unprecedented traffic” over the past few days, prompting him to include the phone number search feature alongside its regular email address one.
Mr Hunt said that the Facebook data dump “changed” his thinking about why to only include email addresses rather than phone numbers.
“There’s over 500 million phone numbers but only a few million email addresses so more than 99% of people were getting a ‘miss’ when they should have gotten a ‘hit’ [when searching to see if their data was compromised],” he explained.
However, Mr Hunt criticised the company, stating: “Facebook are yet to put out a clear position on this. They’ve alluded to a 2019 incident being the root cause, but that doesn’t go far enough to explain the data in circulation,” he added, noting multiple different datasets were circulating in a lot of hacker forums.
“There’s a vacuum of information right now, and that vacuum is being filled with by a lot of speculation.”
In December 2019, a Ukrainian security researcher reported finding a database with the names, phone numbers and unique user IDs of more than 267 million Facebook users – nearly all US-based – on the internet.
In a statement relating to the most recent incident, Facebook said: “This is old data that was previously reported on in 2019.