How to Check if Your Phone Number Is in the Huge Facebook Data Leak

Illustration for article titled How to Check if Your Phone Number Is in the Huge Facebook Data Leak
Photo: Chip Somodevilla (Getty Images)

Hacked data on over 553 million Facebook users was leaked online over the weekend, including names, birthdates, a Facebook user’s relationship status, the city where they live, their workplace, and sometimes even email addresses. But the most sensitive data included in the leak is arguably the phone numbers, which are often used for two-factor authentication. And now there’s a way to easily check if your phone number is in the leak—at least if you live in the U.S.

Advertisement

The website The News Each Day has a simple tool where you can input your phone number and see if it’s in the leak. Gizmodo tested the tool against some data from the actual Facebook leak and found it to be accurate. For example, we tested Mark Zuckerberg’s phone number, which is included in the leak. It worked. (We assume Zuck has changed his phone number by now.)

If you’re willing to risk handing over your phone number, all you need to do to check is input your phone number without any hyphens or periods. You also need to include the international country code at the beginning. For example, if you’re used to seeing your phone number in this form, 555-212-0000, you should get rid of the hyphens and add the digit “one” in front.

Using the same fake number above, the number you input should look like this: 15552120000. If you include a variation that’s anything but the string of numbers, the tool will falsely tell you that your number is not included in the leak. In reality, it very well could be.

Illustration for article titled How to Check if Your Phone Number Is in the Huge Facebook Data Leak
Screenshot: The News Each Day

Of course, it’s totally understandable if you don’t want to enter your phone number into some website you’ve never heard of. (There’s very little available information about The News Each Day, and its privacy policy says that all it tracks is clicks through Google Analytics.) So, if you want to check if the Facebook data dump affected you using a better-known tool, HaveIBeenPwned has updated its database to include the Facebook leak. Just head to the site and enter the email address associated with your Facebook account, and you can see if your personal information was compromised. You’ll also be able to see if your email address was included in any other breaches included in HaveIBeenPwned’s database.

Facebook hasn’t said much about the leak, except that the info was hacked in 2019. The data was offered in hacking forums for a price two years ago, but the thing that makes this weekend’s leak different is that the data has now been leaked for free. Anyone can find the 16GB of data with just a simple Google search.

Advertisement

Update 12pm ET, April 5: HaveIBeenPwned has updated its database to include the Facebook leak. Use that tool if you’re sketched out by The News Each Day tool.

Update 11:15pm ET: Updated links to the “privacy-friendly version” that includes new source code for inspection.

Advertisement

Matt Novak is a senior writer at Gizmodo and founder of Paleofuture.com. He's writing a book about the movies U.S. presidents watched at the White House, Camp David, and on Air Force One.

DISCUSSION

arcanumv
Arcanum Five

Is it at all concerning that this The News Each Day thing seems super, super sketchy?

It looks like it’s a news aggregator list, but the About page tells me nothing about who runs it. Googling it (even with quotation marks) produces NO results that point to the site you’ve linked.

Why would I want to run off and plug my phone number into some random website and hope they’re benevolent about it? “I’m not saving the phone number you enter” is hardly an iron-clad policy.

Can we find a useful tool that does the same thing that’s been vetted and hosted on a site someone’s heard of?