Was my Facebook data leaked? Find out in 2 steps


The personal information of over 500 million Facebook users has been published on a hacker forum on the dark web. To put the impact into perspective, in 2019, the population of the entire United States was 328.2 million.

This data was stolen in 2019 after a vulnerability in Facebook’s ‘Add Friend’ function was exploited. The vulnerability has now been patched, but the victims of the breach have been impacted for the second time after the data was published on the dark web on April 3, where it can be purchased for only $2.19.

The leaked Facebook data could include any of the following user information:

  • Name
  • Location
  • Mobile number
  • Email address
  • DOB
  • Occupation
Sample of leaked USA Facebook members with mobile numbers - Source:

How to find out if your Facebook data was leaked

To find out if your Facebook data is included in this breach, search for the email address linked to your Facebook account on the website Have I Been Pwned. This search engine indexes all data breaches associated with a specified email address.

Here’s how you do it.

Step 1: Load the Have I Been Pwned website.


Step 2: Search for the email address linked to your Facebook account.

The search results will list all of the breached accounts linked to your email address and the specific data that was compromised in each breach.

What to do if your Facebook data was leaked

If you’ve been impacted by a breach, whether it was the Facebook breach or any other incident, the first thing you should do is change all account passwords associated with your email, especially if your compromised passwords are unchanged.

Passwords are seldom changed across accounts, so a single breach could give threat actors access to all accounts linked to the impacted email address. To best protect your personal data, you should use a different password for each of your accounts and enable multi-factor authentication.

The second important thing to be aware of is that you will likely be targeted in multiple phishing attacks. In a phishing attack, a seemingly innocuous email is sent to an impacted email address. When the recipient clicks on a link in the email, a series of malicious actions is triggered, which could include credential theft and even unsolicited bank account withdrawals if you’re logged into your bank at the time.

IMPORTANT: If a sender’s domain matches the domain name of the represented business, that does not guarantee that the email is not malicious. If a domain does not have the required security filters in place, cybercriminals could send fake emails on the business’s behalf.

Before replying to any business email, you should always confirm its legitimacy by contacting the business directly, either by phone or via a separate new email.
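
As an added example (not part of the original article): one way to check a received message for the spoofing case described above, assuming the "security filters" in question are SPF, DKIM and DMARC and that your mail provider records their results in an Authentication-Results header. The host name mx.mailhost.example, the function names and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the hostname your own mail provider stamps into Authentication-Results.
TRUSTED_AUTHSERV = "mx.mailhost.example"

def from_domain(msg):
    """Domain of the address the reader sees in From:."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def verdicts(msg, trusted=TRUSTED_AUTHSERV):
    """spf/dkim/dmarc results, taken only from headers our own server added."""
    found = {}
    for raw in msg.get_all("Authentication-Results", []):
        authserv, _, rest = raw.partition(";")
        if authserv.strip().lower().split(" ")[0] != trusted:
            continue  # this header can arrive pre-inserted; ignore foreign ones
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            found.setdefault(method.lower(), result.lower())
    return found

def spoof_check(raw_message):
    """Return (From domain, status). A pass proves the domain, not good intent."""
    msg = message_from_string(raw_message)
    dmarc = verdicts(msg).get("dmarc", "none")
    status = {"pass": "domain-authenticated", "fail": "likely-spoofed"}.get(dmarc, "unverifiable")
    return from_domain(msg), status

# Constructed sample messages: all three display the same sender domain.
def sample(*auth_headers):
    lines = ['From: "Shop Support" <support@shop.example>', "Subject: Account notice"]
    lines += ["Authentication-Results: " + h for h in auth_headers]
    return "\n".join(lines) + "\n\nPlease confirm your details.\n"

PASSING = sample("mx.mailhost.example; spf=pass smtp.mailfrom=shop.example;\n"
                 " dkim=pass header.d=shop.example; dmarc=pass header.from=shop.example")
FAILING = sample("mx.mailhost.example; spf=fail smtp.mailfrom=shop.example; dmarc=fail header.from=shop.example")
# The domain publishes no DMARC policy, and a header from an unknown host claims "pass".
UNPROTECTED = sample("mail.unknown.example; dmarc=pass header.from=shop.example",
                     "mx.mailhost.example; spf=none; dkim=none; dmarc=none header.from=shop.example")

if __name__ == "__main__":
    for name, raw in [("passing", PASSING), ("failing", FAILING), ("unprotected", UNPROTECTED)]:
        print(name, spoof_check(raw))
```

The "unverifiable" result is the situation the warning above describes: the displayed domain matches the business, but nothing ties the message to it. Even "domain-authenticated" only shows the mail came through the domain's own systems, so the advice to confirm through a separate channel still applies.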
