Personal information leakage check site 'Have I Been Pwned?' Supports search by phone number



HIBP author Troy Hunt has announced that

'Have I Been Pwned? (HIBP) ', a site where you can check if your personal information has been leaked, supports searching by phone number. This will allow HIBP to search for leaks of their phone numbers due to Facebook's personal information leak problem, which has affected more than 500 million people.

Troy Hunt: The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned
https://www.troyhunt.com/the-facebook-phone-numbers-are-now-searchable-in-have-i-been-pwned/

Have I Been Pwned adds search for leaked Facebook phone numbers
https://www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-search-for-leaked-facebook-phone-numbers/

On April 3, 2021, it was discovered that Facebook had leaked email addresses, phone numbers, profiles, etc. for 533 million people. Therefore, HIBP immediately responded to this problem by making it possible to search by email address whether the personal information leaked from Facebook does not contain your own data.

Free user data for 533 million people leaked How to check if the email address registered on Facebook is leaked --GIGAZINE



Hunt, the author of HIBP, was initially reluctant to respond to phone number searches. This is because the phone numbers contained in many databases are often inconsistent in format, making it difficult to match them with regular expressions, unlike email addresses. In addition, there was a risk that HIBP would be used for identification by a third party because HIBP corresponds to the phone number.

However, while the information leaked from Facebook contained more than 500 million phone numbers, it contained only millions of email addresses, so 99 of the people whose personal information was leaked. More than% had a problem that '' Not applicable 'is displayed even if you search by HIBP' even though you are actually suffering from damage. Also, in the data leaked from Facebook, the format of international phone numbers was unified, so it was possible to easily extract phone numbers.

So Hunt conducted a survey on Twitter to solicit opinions on whether HIBP would support phone number searches. As a result, 67.8% agreed and 32.2% disagreed, and the majority of the respondents requested that they support phone number searches even considering the risk of being used for identification.



So Hunt decided to add some data so that he could search for phone numbers on HIBP. At the time of writing the article, it is said that the international phone number code has been supported up to the number starting with '1' '3' '4' '6' '7' '8'. The Japanese code corresponds to the data added with '81', so let's actually search with HIBP.

Have I Been Pwned: Check if your email has been compromised in a data breach
https://haveibeenpwned.com/



Access HIBP from the above URL and enter the phone number in the search field. For example, if the phone number registered on Facebook starts with '090', change '0' to '+81' for international calls to '+8190', then enter the remaining numbers without hyphens and ' Click pwned? In addition, '+' may or may not be an option.



If the phone number you entered is not included in the leaked phone number, 'Good news — no pwnage found!' Will be displayed.



The phone numbers added to HIBP are only those leaked from Facebook in this leak problem, and do not include the phone numbers leaked in various past leak problems. However, Hunt said he would consider if a Facebook-like problem reoccurs in the future and he thinks it should support phone number searches. Also, since there are various variations in the data leaked from Facebook, it is necessary to note that the possibility that your information is leaked is not zero even if you do not find it by searching with HIBP. did.

in Web Service, Posted by log1l_ks