Troy Hunt (who runs
The headline is pretty self-explanatory so in the interest of time, let me just jump directly into the details of how this all works. There’s been huge interest in this incident, and I’ve seen near-unprecedented traffic to Have I Been Pwned (HIBP) over the last couple of days, let me do my best to explain how I’ve approached the phone number search feature. Or if you’re impatient, you can head over to HIBP right now and search for your number.
There’s over 500M phone numbers but only a few million email addresses so >99% of people were getting a “miss” when they should have gotten a “hit”. The phone numbers were easy to parse out from (mostly) well-formatted files. They were also all normalised into a nice consistent format with a country code. In short, this data set completely turned all my reasons for not doing this on its head.
This Facebook hack just adds more fuel to the fire for me. Facebook. Feh.