- Phone numbers of several Facebook users are being sold using Telegram bot.
- It has been reported that a cybercriminal forum had been selling the database.
- The report suggests that the data of over 500 million users have been exposed.
Facebook landed in a soup recently when a security researcher unearthed that the phone numbers of Facebook users are being sold using a Telegram bot. It has been reported that a cybercriminal forum had been selling the database containing phone numbers and Facebook IDs using an automated telegram bot. The report suggests that the data of over 500 million users have been exposed.
The report has suggested that the database contains data of 2019. While you might think that the data is obsolete, not everyone changes their phone numbers within two or three years. There are high chances that most Facebook users have been affected due to the vulnerability that was found in 2019. So here is everything that you should know about the latest Facebook gaffe.
— Security researcher Alon Gal reported on Twitter that a Telegram bot was created that carried sensitive information of scores of Facebook users. "In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries.It was severely under-reported and today the database became much more worrisome," he wrote.
— A report by Motherboard had stated that the bot on Telegram lets users find the phone number of another user if they have that person's Facebook ID and if the user has the phone number of the person, he can get his Facebook ID. However, in order to access such sensitive information, the user will have to pay the person behind the bot $20. The bot is also selling information in bulk. For 10,000 credits the bot is charging $5,000.
— Gal in his report had revealed that users from over 100 countries have been affected in this major data breach. "Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts. This obviously has a huge impact on privacy," he added.
— Gal has shared some of the screenshots of the data exposed on the Telegram bot. It shows that the bot has been active since January 12, 2021, but it carries data of users' from 2019. "It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing and other fraudulent activities by bad actors. It is important that Facebook notify its users of this breach so they are less likely to fall victim to different hacking and social engineering attempts," Gal told Motherboard.