
New tool available to check phone numbers from Facebook data breach

On 4th April 2021, another data breach was announced, one that occurred back in August 2019. This time it was Facebook: over 500 million users now have their phone numbers publicly available, along with a published mixture of names, gender, email addresses, dates of birth, location, relationship status and employer details. What can you do now?


As a business owner:

  • Have you signed up to a free service like https://haveibeenpwned.com and completed a check on all your organisation’s email accounts, called a Domain Search?

  • If user details appear, it may be prudent to force a password change on those accounts. Although it doesn’t look like this breach involved passwords, affected users may also be subject to other breaches where passwords have been compromised. Using a technique called credential stuffing, data from other breaches can be merged to allow unauthorised access to accounts where the user has used the same password across multiple accounts.

  • Are your systems configured to prevent a user from using breached passwords? There is a solution that stops users selecting a new password if it's already on a breached list.

  • Have you activated 2-factor authentication on your organisation's email accounts? Even with the correct password, access from a fresh device won't be granted without a code.

  • Have you provided any security awareness training for your staff? Staff who have had an input on the signs and symptoms of phishing emails and smishing scam text messages, and who know how to respond, will make your first and last line of defence safer.
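
An added example (not from the original article or from any named product) of how a breached-password check at password-change time can work: the candidate is hashed with SHA-1 and only the first five characters of the hash are passed to the lookup, the hash-range model used by the Pwned Passwords service from haveibeenpwned.com. The breached list, its counts and all function names below are constructed for illustration, and a local index stands in for the lookup service.

```python
import hashlib

# Constructed sample data: passwords standing in for a breached list, with
# made-up "times seen" counts. A real deployment would use a full corpus.
CONSTRUCTED_BREACHED = {"password": 9000, "Summer2019!": 42, "qwerty123": 310}

def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_range_index(breached: dict) -> dict:
    """Index the corpus as {5-char hash prefix: {35-char suffix: times seen}}."""
    index = {}
    for pw, seen in breached.items():
        digest = sha1_upper(pw)
        index.setdefault(digest[:5], {})[digest[5:]] = seen
    return index

def breach_count(candidate: str, lookup) -> int:
    """Return how often the candidate appears in breached data (0 if never).

    `lookup` receives only the 5-character prefix, so neither the password
    nor its full hash is disclosed to whoever runs the lookup.
    """
    digest = sha1_upper(candidate)
    suffixes = lookup(digest[:5])
    return suffixes.get(digest[5:], 0)

def check_new_password(candidate: str, lookup) -> tuple:
    """Decide whether a new password may be set; fails closed on lookup errors."""
    try:
        seen = breach_count(candidate, lookup)
    except Exception:
        return (False, "breach check unavailable, try again later")
    if seen > 0:
        return (False, f"password appears in breached data ({seen} times)")
    return (True, "ok")

INDEX = build_range_index(CONSTRUCTED_BREACHED)

def local_lookup(prefix: str) -> dict:
    """Stand-in for the lookup service: all known suffixes under this prefix."""
    return INDEX.get(prefix, {})

if __name__ == "__main__":
    for pw in ("Summer2019!", "correct horse battery staple 71"):
        print(pw, "->", check_new_password(pw, local_lookup))
```

The check rejects a password when the lookup cannot be reached, so an outage cannot be used to slip a breached password through.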


As an individual:

  • Have you registered with a free service like https://haveibeenpwned.com and completed a check on all your email accounts?

  • Have you turned on 2-factor authentication on your email account?


All users affected by this data breach will likely be the subject of future email and text scams.

  • If you receive a #phishing #scam email, forward it to the Suspicious Email Reporting Service at report@phishing.gov.uk.

  • If you receive a #smishing #scam text message, forward it for free to 7726. Both services will review the message and, if it is a scam, take action, for instance preventing any further messages from being sent.

We can help start that journey to make you safer: head to www.secrc.co.uk/membership.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of the South East Cyber Resilience Centre is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect the most recent legislation, practice, or application to your circumstances. The South East Cyber Resilience Centre provides affordable services and Cyber Essential Partners if you need specific support. For specific questions please contact us at enquiries@secrc.police.uk.  The South East Cyber Resilience Centre does not accept any responsibility for any loss that may arise from reliance on information or materials published on this website.  It is not responsible for the content of external internet sites that link to this site or which are linked from it.

© 2022 - 2025 The South East Cyber Resilience Centre

Registered in England & Wales, No. 13263448 
