We highlight current cyber security threats in New Zealand, and provide guidance on what to do if they affect you.

3:30pm, 7 April 2021

TLP Rating: Clear

Facebook data leak publicly available

CERT NZ is aware that specific account details relating to half a billion Facebook user accounts has been made publicly available. We understand this data was accessed in 2019 and contains personal information like full name, date of birth, phone numbers and email addresses.

What's happening

What this means

If you have a Facebook account, your account data may have been collected and posted online. This means attackers can easily access this information and may use it to carry out targeted and personalised scams.

What to look for

How to tell if you're affected

You can check if your data has been leaked using the website Have I Been Pwned. This free service allows you to check if your email and phone number have appeared in any data breaches.

Have I Been Pwned External Link

What to do


CERT NZ recommends that affected Facebook users take the following steps to secure their online accounts from potential misuse of this data: 

  • Understand how to protect from scams and fraud and what to do if you're affected. 

Understanding scams and fraud

  • Use a different password for each of your online accounts.
  • Make sure your passwords are long, strong and unique.
  • Keep your passwords safe. Try a password manager to store your passwords for you. 

Keep your data safe with a password manager

  • Turn on two-factor authentication (2FA) on your online accounts where possible, this provides an extra layer security if your password is ever compromised.

Enable 2FA

  • Make sure any account recovery questions and answers don't use publicly available information, for example don’t use your pet’s name or your hometown – get creative with your responses in a way that is easy and memorable for yourself.

More information

Have I Been Pwned External Link

Guide to good passwords External Link  

Use two-factor authentication to protect your online accounts External Link  

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ External Link

For media enquiries, email our media desk at or call the MBIE media team on 027 442 2141.