More than seven million Aussie Facebook accounts have been hacked and exposed online. Here’s how you know if yours was breached.

How to know if your Facebook was hacked

Private information associated with some 7.3 million Australian Facebook accounts has been posted online after a massive data breach.

Fraudsters gained access to the data in 2019, after which it was traded for money for a while before being unceremoniously dumped online this week for the world to see.

The data includes phone numbers of many of the users, an aspect that sets the data breach apart from many other incidents. It's more common that email addresses and passwords are compromised in data breaches.

"The exposure of phone numbers is noteworthy," said Troy Hunt, an Australian web security expert and creator of the site Have I Been Pwned.

The site lets users plug in their email address or phone number to find out if it's been included in any data sets exposed by criminals.

The website lets users find out if their personal data has been compromised.

Pwned is internet slang for "owned" - in other words, compromised.

It can be unsettling to find out one's personal details have been exposed in a hack. In some cases, plugging an email address into Mr Hunt's website can reveal a single account has been associated with multiple hacks, some dating back over a decade.

But it's good to be aware if it has happened. People are encouraged to change their passwords - as often as possible, and especially if a password has been associated with an online account that has been compromised.

As for the latest incident, while it's unusual and also quite big - more than half a billion global users were affected - it's actually not as worrying as some other breaches, Mr Hunt said.

Troy Hunt created the Have I Been Pwned website. Picture: Supplied

"There were no passwords exposed, so you don't have to worry about that. I would recommend heightened awareness more than anything," he said.

A possible consequence of having one's phone number leaked online, especially when it's associated with other personal details like name and suburb, is that scammers could seek to take advantage by sending spam messages or attempting a phishing attack.

Phishing is when a scammer attempts to gain access to private accounts by tricking people into clicking harmful web links masquerading as safe ones.

Facebook acknowledged the breach had happened in a press statement on Tuesday.

But the company said it wasn't technically a hack - rather, the attackers took advantage of a loophole in the site's system that made it possible to collect, on a massive scale, the phone numbers users had provided.

The fraudsters uploaded large sets of phone numbers and matched them to other information using a feature designed to help Facebook users find their friends on the site by plugging in their number.

"As a result of the action we took (at the time), we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists," Facebook said in the statement.

Originally published as How to know if your Facebook was hacked


