Facebook Disaster - How to Check If Your Phone Number Was Leaked

Troy Hunt, an Australian security researcher who runs the HaveIBeenPwned breach notification site, has added the 533 million phone numbers exposed in the Facebook breach to his site.

This means that anyone concerned that their cell phone number might be included in the Facebook breach revealed this weekend can go to https://haveibeenpwned.com/ and enter it.

"We never intended to make phone numbers searchable," Hunt explained in a blog post today (April 6). "It was the Facebook data that changed everything."

HaveIBeenPwned was designed to allow people to see if their email addresses and passwords had been compromised in a data breach or data leak. However, most of the exposed Facebook records had no email addresses attached and no passwords.

"There are over 500 million phone numbers, but only a few million email addresses, so more than 99% of them should have been 'hits' but were 'missed,'" Hunt wrote.

We have seen at least one other website spring up that offers to match your phone number with Facebook data. We recommend sticking with HaveIBeenPwned, as this is exactly the sort of thing scammers might try to pull off to take advantage of the publicity.

So what should you do if you find out that your cell phone number is part of a Facebook leak?

First, be more aware of spam and scams targeting you by phone and email. Like landlines of the past, cell phone numbers are virtually public and anyone can try to contact you. Don't assume that just because someone texts you or calls you, they know who you are.

Next, if you have enabled two-factor authentication (2FA) for your online accounts (and you should), switch the 2FA method from text messages to another method for as many accounts as possible.

Text messages are not secure. They are not encrypted, can be intercepted, and can be spoofed. Businesses use them for 2FA only because most people have cell phones.

The easiest 2FA method to adopt after text messages is probably an authenticator app, which generates on your phone a 4- or 6-digit temporary code of the same type that companies send you in a text message. The Authy, Duo and Google Authenticator apps are recommended.

You can also sign up for push notifications, which Microsoft and Google are very good at. If you want to be super secure, purchase two USB security keys.

Each of these methods has its own set-up instructions, which can be found on the website of each of the supported online services.
