- Phone numbers of over 500 million Facebook users are being sold using a Telegram bot.
- As per a security researcher, the person who runs the Telegram bot has the information of over 500 million users.
- The information was leaked due to a vulnerability found in Facebook in 2019.
In a major security breach, the data of over 500 million Facebook users is being sold using a Telegram bot. As per a security researcher, the person who runs the Telegram bot has the information of over 500 million users. The information was leaked due to a vulnerability found in Facebook in 2019.
As per security researcher Alon Gal, a user created a Telegram bot that allowed users to access the database carrying the numbers of millions of Facebook users. He wrote, "In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information of 533m users across all countries. It was severely under-reported and today the database became much more worrisome."
"Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts. This obviously has a huge impact on privacy," he added.
Alon revealed that users from over 100 countries have been affected.
As per a Motherboard report, the Telegram bot lets users find the phone number of another user if they have that person's Facebook ID, and if a user has a person's phone number, they can get that person's Facebook ID. However, in order to access such sensitive information, a user has to pay the person behind the bot $20. The bot is also selling information in bulk: for 10,000 credits, it charges $5,000.
"It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing and other fraudulent activities by bad actors. It is important that Facebook notify its users of this breach so they are less likely to fall victim to different hacking and social engineering attempts," Gal told Motherboard.
In the screenshots shared by Gal, it can be seen that the bot has been active since January 12, 2021, but it carries users' data from 2019. Although the information is old, people rarely change their phone numbers in the span of two or three years, so chances are high that most of the exposed numbers are still in use.