An online tool allows users to see if their details were exposed in data leaks - but is it safe?

By Alex Nelson
Published 7th Apr 2021, 10:35 BST
The data leak is not thought to include the full account details of those affected (Photo: ALASTAIR PIKE/AFP via Getty Images)The data leak is not thought to include the full account details of those affected (Photo: ALASTAIR PIKE/AFP via Getty Images)
The data leak is not thought to include the full account details of those affected (Photo: ALASTAIR PIKE/AFP via Getty Images)

A new online tool allows social media users to determine whether their personal details were compromised by a recent Facebook data breach.

Have I Been Pwned? (HIBP) gives internet users the opportunity to check whether their phone numbers or email addresses were exposed in that leak, and a large number of other online data breaches.

Hide Ad
Hide Ad

The private credentials of over 530 million people worldwide were affected when a database containing the details leaked online.

Facebook says the details combed through by the online tool are from an “old” breach that took place in 2019 and has since been rectified, but a number of privacy watchdogs have launched investigations.

Here is everything you need to know about it.

Why now?

The social network says a 2019 data leak was "found and fixed" more than 18 months ago.

The breach was not widely known about at the time, and it’s not even clear if such a breach is the reason behind the abundance of personal details being made available online, appearing on a hacking forum where the database of affected accounts is available for free.

Hide Ad
Hide Ad

“Facebook is yet to put out a clear position on this,” said Troy Hunt, the security expert who runs HIBP.

“They've alluded to a 2019 incident being the root cause, but that doesn't go far enough to explain the data in circulation,” he told the BBC. “There's a vacuum of information right now, and that vacuum is being filled with a lot of speculation.”

Ireland's Data Protection Commission said it was working with the tech firm to establish if “the dataset referred to is indeed the same as that reported in 2019”.

How many accounts are affected?

Whether fixed or not, the 2019 breach will be worrying to many users, with over 530 million people affected across more than 100 countries worldwide according to researchers.

Hide Ad
Hide Ad

In the UK, it is estimated that 11 million Facebook account holders became victims of the leak.

It’s also alleged that Facebook founder Mark Zuckerberg was one of the many millions of people whose personal phone numbers were leaked online.

"This is the number associated with his account from the recent Facebook leak," security expert Dave Walker tweeted in a post which revealed Zuckerberg is also a member of Signal, an encrypted messaging service, and a direct competitor to the Facebook-owned Whatsapp.

The data leak is not thought to include the full account details of those affected, but 500 million phone numbers were compromised, alongside “a few million email addresses”.

Hide Ad
Hide Ad

That’s according to Hunt, who said including phone numbers in searches through the tool previously “didn't make sense for a bunch of reasons”, but the Facebook leak “completely turned all my reasons” for not doing so “on its head”.

How does it work and is it safe?

It’s alleged that Facebook founder Mark Zuckerberg was one of the millions whose personal phone numbers were leaked (Photo:JOSH EDELSON/AFP via Getty Images)It’s alleged that Facebook founder Mark Zuckerberg was one of the millions whose personal phone numbers were leaked (Photo:JOSH EDELSON/AFP via Getty Images)
It’s alleged that Facebook founder Mark Zuckerberg was one of the millions whose personal phone numbers were leaked (Photo:JOSH EDELSON/AFP via Getty Images)

The tool is about as simplistic and user-friendly as you can imagine.

Simply enter the phone number or email address you want to check, and HIBP will comb through its database to see if your details are available as a result of online data leaks of the past.