Facebook users can now search by phone number on Have I Been Pwned. Owner Troy Hunt has added more than 500 million songs from the online Facebook dataset. Previously, it was only possible to search by e-mail address.
Hunt did not initially plan to add phone number search to his service, but HIBP got the last millions of visitors per day because of the leaked Facebook dataset who was in the news. Users want to know if their phone number is part of the leak, but HIBP was unable to find out for most users.
The Facebook dataset had already been added to the service, but users could only see if their phone number had been leaked if their email address is also part of the relevant dataset. That was only the case with 2.5 million users. According to Hunt, 99 percent received of visitors can see that they are ‘not affected’ as a result, while there is a good chance that their telephone number is part of the dataset.
As a result of the leaked telephone numbers appeared various alternative websites that make it possible to search the dataset. This, too, has moved the owner of HIBP to make the telephone numbers searchable, so that users can go to the known service and do not have to enter data on a website whose reliability is unknown.
All users can on Have I Been Pwned now on a phone number. That works just like with email addresses. If the number is part of a data breach, this will be indicated without disclosing any further information.
The Facebook data comes from a data breach several years old. The dataset is now extensively in the news as the full database is offered for free on hacker forums. RTL Nieuws estimates that there are telephone numbers of 5.4 million Dutch people in the database. It also includes other personal information, which can, for example, be misused for targeted phishing attacks.