New tool available to check phone numbers from Facebook data breach

On 4th April 2021, another data breach was announced, one that occurred back in August 2019. This time it was Facebook: over 500 million users now have their phone numbers publicly available, and a mixture of names, gender, email addresses, dates of birth, location, relationship status and employer details has also been published. What can you do now?


As a business owner:

  • Have you signed up to a free service like https://haveibeenpwned.com and completed a check on all your organisation’s email accounts, called a Domain Search?

  • If user details appear, it may be prudent to force a password change on those accounts. Although it doesn’t look like this breach involved passwords, affected users may also be subject to other breaches where passwords have been compromised. Using a technique called credential stuffing, data from other breaches can be merged to allow unauthorised access to accounts where the user has used the same password across multiple accounts.

  • Are your systems configured to prevent a user from using breached passwords? There is a solution that stops users selecting a new password if it's already on a breached list.

  • Have you activated 2-factor authentication on your organisation's email accounts? Even with the correct password, access from a fresh device won't be granted without a code.

  • Have you provided any security awareness training for your staff? Staff who have had an input about the signs and symptoms of phishing emails and smishing scam text messages, and who know how to respond, will make your first and last line of defence safer.
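
One way a breached-password check like the one mentioned above can work, as an added example that is not from the original article or any specific product: the k-anonymity range lookup used by the Pwned Passwords service of haveibeenpwned.com, where only the first five characters of the password's SHA-1 hash leave your system. The breach list, counts and function names below are constructed for illustration, and `range_response` stands in for the remote service so the example runs offline.

```python
import hashlib

# Constructed sample breach list (password -> times seen); an assumption that
# stands in for the remote corpus so the example runs without network access.
BREACHED = {"password": 9000, "Summer2019": 42, "qwerty123": 17}

def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the form the range lookup uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_response(prefix: str) -> str:
    """Service side (simulated): list 'SUFFIX:COUNT' for hashes with this prefix."""
    lines = []
    for candidate, count in BREACHED.items():
        digest = sha1_hex(candidate)
        if digest.startswith(prefix.upper()):
            lines.append(f"{digest[5:]}:{count}")
    # Constructed padding line with a count of 0; responses can carry such
    # lines when padding is requested, and they must not count as a hit.
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)

def breach_count(password: str, fetch_range=range_response) -> int:
    """Client side: send only the 5-character prefix, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0

def check_new_password(password: str):
    """Reject a proposed password that appears on the breached list."""
    seen = breach_count(password)
    if seen > 0:
        return False, f"rejected: seen {seen} times in breached data"
    return True, "accepted"

if __name__ == "__main__":
    for proposed in ("Summer2019", "tidal-orchid-lantern-58"):
        print(proposed, check_new_password(proposed))
```

In a real deployment `fetch_range` would be replaced by an HTTPS request to the service's range endpoint, or by a lookup against a locally held copy of the breach list.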


As an individual:

  • Are you registered with a free service like https://haveibeenpwned.com, and have you completed a check on all your email accounts?

  • Have you turned on 2-factor authentication on your email account?


All users affected by this data breach will likely be the subject of future email and text scams.

  • If you receive a #phishing #scam email, forward it to the Suspicious Email Reporting Service at report@phishing.gov.uk.

  • If you receive a #smishing #scam text message, forward it for free to 7726. Both services will review the message and, if it is a scam, take action, for instance to prevent any further messages from being sent.

We can help start that journey to make you safer. Head to www.secrc.co.uk/membership.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.