What to Do If Your Phone Number Is One of the 309 Million Numbers That Were Leaked by Facebook?

If you use Facebook, it is likely that you have used your personal phone number to verify yourself or to provide your Facebook friends with a way to contact you. You can add the number to the About section on your profile page, where you can also add your home address, email address, social links, date of birth, and other personal information. While you can adjust the settings to limit who can view this information, you should consider whether it would be best to delete it completely. In fact, it is always a good idea to limit the exposure of private information. If you have multiple social networking accounts, think about what kinds of information are available publicly, and whether that information could be used against you.

Unfortunately, even if you only allow friends and followers to access personal information, you cannot prevent data leaks. Facebook itself and the associated third parties, who have access to sensitive data, could be responsible for that, and it is not up to you to ensure that they secure your private information appropriately. Hopefully, Facebook and third parties understand that; however, errors, vulnerabilities, and mishaps cannot be prevented. For example, it was recently reported that 5,000 app developers had access to Facebook users’ personal information because of a simple bug. You cannot prevent such bugs, but you can enhance your Facebook privacy to ensure that you are not harmed even when vulnerabilities and data breaches occur. While all personal details are sensitive, and you must secure all of them, we suggest looking first at the mobile number that is linked to your Facebook account.

Facebook privacy is jeopardized when sensitive information is leaked

Earlier this year, researchers at Comparitech found a database, not protected by a password, that contained hundreds of millions of Facebook users’ private records. At the time of research, it was not clear what had led to the leak of these records, but it was believed that vulnerabilities within Facebook’s third-party developer API could have facilitated that. In a different scenario, private records could have been accumulated through a process of scraping, during which hackers retrieve all publicly available data illegally. The first server that contained all leaked information became inaccessible soon after its discovery in December. However, in March, a new server containing the same information was found. Unfortunately, this time, even more personal records were revealed. Initially, the leak consisted of 267 million unique Facebook IDs, full names, timestamps, and phone numbers. During the second wave, 42 million records were added, and these included unique Facebook IDs, phone numbers, profile details, email addresses, and “other personal details.”

In total, 309 million sensitive records were leaked, and they were available to anyone. While access to the first server was disabled after researchers got involved and reported Facebook privacy violations to the host, the second server was attacked by an unknown party, after which the sensitive records were replaced with random data. Unfortunately, the database was open for days each time, which means that the exposed data could have been accessed and copied by malicious parties.

Hackers can jeopardize your Facebook privacy with email addresses and phone numbers

It is impossible to know who might have your Facebook ID, full name, email address, and phone number if this data was included in the exposed database. Unfortunately, this leaves you extremely vulnerable. While passwords were not leaked, your Facebook privacy could suffer anyway. For one, phishing attacks could be performed. With an email address and a full name in hand, the attackers can send personalized messages with requests to update/reset/change your password. Password reset codes and links to fake login pages could be sent via SMS as well. This is how the exposed phone number could be exploited.

In a different scenario, your Facebook privacy could be jeopardized if attackers decide to brute-force access to your account. Since your Facebook ID and email address are exposed, the attackers can use special software and hardware to try to guess your password. Unfortunately, people continue to use weak passwords that are not that hard to crack, and if hackers succeed, they can take over accounts. Therefore, although passwords were not leaked, we strongly advise that you update your password as soon as possible. Note that your Facebook password has to be unique, long (12 characters or more), and contain letters, numbers, and symbols, but should not contain words or personal details (e.g., names of your hometown, school, parents, pets, etc.). Ideally, the password you create is one you cannot remember, which, of course, creates a problem. The good news is that you do not actually need to remember passwords if you use a tool like the Cyclonis Password Manager.
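The password rules above can be checked mechanically. The following is an added example, not part of the original article or of any Cyclonis product; the function names and the sample inputs are assumptions made for illustration. It does not test for dictionary words, and uniqueness is checked only against the passwords the caller supplies.

```python
import re
import string

# Common character substitutions, undone before looking for personal details.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # the article's minimum length


def normalize(text):
    """Lower-case, undo common substitutions, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, personal_details, used_elsewhere=()):
    """Return the article's rules that the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols")
    if password in used_elsewhere:
        problems.append("not unique")
    flat = normalize(password)
    for detail in personal_details:
        token = normalize(detail)
        # Catch the detail written plainly or disguised, e.g. "Spr1ngf!eld".
        hidden = len(token) >= 3 and token in flat
        if detail.lower() in password.lower() or hidden:
            problems.append(f"contains personal detail: {detail}")
    return problems


if __name__ == "__main__":
    details = ["Springfield", "Rex"]  # constructed sample: hometown, pet name
    for candidate in ("Spr1ngf!eld2020#", "rex123", "q7#Vz!m2Lk@9xT"):
        print(candidate, "->", check_password(candidate, details) or "passes")
```

A password such as `Spr1ngf!eld2020#` meets the length and character rules yet still fails, because swapping letters for look-alike characters does not hide a hometown from guessing software.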

How to protect leaked phone numbers

While you can change your password after it gets leaked, you cannot change your name, and it might be too much of a hassle to change the exposed phone number or email address. That being said, if you used a phone number to verify yourself when logging into your account, you might want to look into a different authentication method (go to Use two-factor authentication to learn about your options). While you are at it, you should also adjust your Facebook privacy settings to ensure that the personal information you share is only visible to friends and cannot be exploited by malicious parties. Another thing to keep in mind if you need to protect leaked phone numbers is that you might receive misleading texts with links, codes, and requests. Without a doubt, you must pay attention to all messages that you receive, and you must evaluate them carefully before interacting with them.

Ultimately, you might be unable to protect leaked phone numbers completely, especially if you want to share them and if you want to use them for two-factor authentication. However, keep in mind that you can minimize your chances of having your Facebook privacy jeopardized by choosing appropriate privacy settings and limiting access to the information you share. Hopefully, you can ensure Facebook privacy in the future, and remember that keeping yourself informed always puts you one step ahead.

By Foley
July 23, 2020
