Understanding the breach
Facebook had a vulnerability that enabled malicious actors to upload large sets of phone numbers to see which ones matched Facebook users. This was exploited to create a massive database containing the mobile phone numbers (and associated Facebook personal data) of 533 million users across the world. This data was sold at a high price in small circles up until a few days ago, when it was shared publicly for free.
Why are mobile phone numbers worse than emails?
Before this massive leak, mobile phone numbers had generally been kept secret (i.e. not associated with any individual). Phone systems are also much older than email systems and are operated by nation-scale telecommunication companies instead of world-scale software industry leaders.
For those reasons, security around them is lower, and phishing attacks encounter nowhere near the level of resistance they would over email. Protections against impersonation are also non-existent, as most countries let anyone pick any alphanumeric Sender ID. SIM-jacking (taking over one's phone number) has also been on the rise in recent years, and has now been made much easier.
Can this be "fixed"?
Unfortunately, no. Facebook did fix the vulnerability as soon as they realized what happened, but the damage was done and 533 million mobile phone numbers were harvested in association with Facebook IDs and other personal data. Those can be enriched even more with data from other Facebook-focused data harvesting methods.
Mobile phone numbers are rarely changed, especially with recent advances in portability, so people will simply not switch to new phone numbers.
We have also noticed that the data from the breach has circulated so widely that it can be considered public, free and eternal.
What can I do?
Make people in your circles aware of this breach and its implications. Figure out if your family, friends and colleagues had their phone numbers leaked, and inform them. We believe being informed and alert is a very effective defense against phishing and other types of attacks.
We made this simple website so that less tech-savvy people can understand what happened by themselves, and get interested and educated about the surge in attacks they might be facing in the near future.
Is this website exposing my phone number or any personal data?
No. We only display the last few digits of the phone numbers so people can confirm it's theirs, but the complete numbers can't be guessed.
The profile pictures come from the official public Facebook API.
You can also contact us if you do not wish to be listed on this website.