An unnamed hacker has uploaded the phone numbers and account details of around 533 million Facebook users to a cyber crime forum on the internet.
The information comes from at least one of two data breaches in 2019, which were reported at the time and which Facebook says it has now fixed, but which today are the subject of an alert by Crown agency CERT NZ.
Data journalist Keith Ng extracted the New Zealand numbers he could find in the database, and created a tool that you can use to check if your phone number has leaked out on the internet.
If your phone number is in the database, be extra vigilant if any out-of-the-blue emails or texts arrive asking for further information. They could come from an opportunistic hacker trying to phish you.
CyberCX researcher Adam Boileau said vulnerable people and celebrities whose phone and account details have been hacked may need to consider getting a new phone number for security.
However, it was important to keep the issue in perspective, Boileau said.
"It's phone numbers. We used to put them in phone books, and give them to every house. If it was 500 million passwords, then maybe it would be worth some froth.
"However, Facebook's lost hundreds of millions of phone numbers so many times already that the incremental difference to people is probably zero."
Nevertheless, it's recommended that users set up two-factor authentication on Facebook and other accounts that support the feature. You should do this even if you have to use SMS, which is less secure than authentication apps and hardware keys, but better than no two-factor authentication at all, Boileau said.
A password manager that helps create complex login credentials and securely store them is also a good idea. Password managers that warn if you reuse credentials across multiple sites, or if they have been found in leaks, are also worthwhile.
Finally, users should weigh up whether having a Facebook account is worth the privacy and other risks it entails.
App privacy
All personal information has been removed from the database that contains the information for the NZ Herald's tool.
No information entered into the tool is stored by the NZ Herald.
The Office of the Privacy Commissioner has been informed of the lookup tool.