There's a good discussion on this by Troy Hunt[1].
> But for spam based on using phone number alone, it's gold. Not just SMS, there are heaps of services that just require a phone number these days and now there's hundreds of millions of them conveniently categorised by country with nice mail merge fields like name and gender.[2]
> Another general observation on this incident: I'm seeing extensive sharing of the data, both the entire corpus of countries and individual country files. Not just in hacking circles, but very broadly on social media too. This data is everywhere already.[3]
> New breach: Facebook had 2.5M addresses exposed in an incident that impacted 533M subscribers' phone numbers. Most records contained name and gender, many also included DoB, location, relationship status and employer. 65% were already in @haveibeenpwned[4]
> If we look at the data, email is rare, DoB is rare so the greatest impact here is the phone numbers. Even though it’s “only” 20% of FB users, the number is obviously substantial thus so is the impact[5]
Anyone know if Haveibeenpwned will have this type of info? I'm super curious to search my name, warn people I know, etc. - but I'm not sure I want to search for and/or download the data.
What's a good way to know if myself or my loved ones are in it?
"I’ve had a heap of queries about this. I’m looking into it and yes, if it’s legit and suitable for @haveibeenpwned it’ll be searchable there shortly."
Seems he'll only add the records with email addresses and not phone numbers:
> And no, I have no intention of adding phone number search in the foreseeable future. There's a User Voice suggestion for that and a comment from me which boils down to "much higher work and much lower value"
Not sure how this is too much work unless everything is tightly coupled with relating an email address to everything in their database and not a keyword to search for.
Seems the difficult work is normalizing all of the data and making it easily searchable for all:
> I also can’t parse them out with a regex like I can an email address as they don’t adhere to a consistent format. Further, the inconsistencies in format make searching difficult as they’d have to be “normalised” and that’s something that’s very country (and even region) specific.
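
The normalisation problem in the quote above, as an added example (not code from this thread or from Have I Been Pwned): building one search key per phone number needs country-specific rules, and a national-format number cannot be keyed at all without knowing its country. `RULES`, `normalise` and `demo` are hypothetical names, the rule table is a simplified constructed subset, and the sample numbers come from ranges reserved for fiction.

```python
import re

# Simplified, constructed dialing rules (assumption: real numbering plans have
# many more cases; a real service would rely on a maintained plan database).
# cc = country calling code, trunk = national prefix dropped in international form.
RULES = {
    "GB": {"cc": "44", "trunk": "0"},
    "AU": {"cc": "61", "trunk": "0"},
    "US": {"cc": "1", "trunk": "1"},
    "IT": {"cc": "39", "trunk": ""},  # Italian landlines keep their leading 0
}

def normalise(raw, region=None):
    """Return an E.164-style search key ('+' and digits), or None if undecidable."""
    s = raw.strip()
    international = s.startswith("+")
    if international:
        # "+44 (0)7700 ..." : the bracketed trunk digit is not dialled abroad
        s = re.sub(r"\(\s*0\s*\)", "", s)
    digits = re.sub(r"\D", "", s)
    if not digits:
        return None
    if not international:
        rule = RULES.get(region)
        if rule is None:
            return None  # national format, unknown country: cannot build a key
        if rule["trunk"] and digits.startswith(rule["trunk"]):
            digits = digits[len(rule["trunk"]):]
        digits = rule["cc"] + digits
    # E.164 allows at most 15 digits; the lower bound of 8 is a sanity assumption
    return "+" + digits if 8 <= len(digits) <= 15 else None

def demo():
    """Four constructed spellings of one UK number, keyed with region GB."""
    variants = ["07700 900123", "+44 (0)7700 900123",
                "+44 7700-900-123", "(07700) 900 123"]
    return {v: normalise(v, "GB") for v in variants}

if __name__ == "__main__":
    for raw, key in demo().items():
        print(f"{raw!r:24} -> {key}")
    # The same raw string is a different subscriber under another country's rules
    print(normalise("07700 900123", "AU"), normalise("07700 900123"))
```
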
> Another general observation on this incident: I'm seeing extensive sharing of the data, both the entire corpus of countries and individual country files. Not just in hacking circles, but very broadly on social media too.
I made a Google search 8 hours ago. There were 10 pages of hits of link spammers where you have won an iPhone, but they don't have the data. So, yes public interest seems big. I wonder why Google cannot catch those, after opening the first one I could recognize the rest from the address and the snippet. Google did not have a correct link that still had the data. Maybe they are not publishing those, getting bad reputation to big data is not exactly in their interest.
[1]: https://twitter.com/troyhunt
[2]: https://twitter.com/troyhunt/status/1378485999781613569
[3]: https://twitter.com/troyhunt/status/1378513457209696256
[4]: https://twitter.com/haveibeenpwned/status/137855490210063565...
[5]: https://twitter.com/troyhunt/status/1378474534760685568