Private phone numbers of Facebook users are available through a bot on the Telegram messaging service for $20 per user, according to Vice’s Motherboard report on Monday (January 25, 2021). The database contains information of more than 500 million Facebook users, a person advertising the service told Motherboard. The bot also reportedly claims to provide details of users in 19 countries, including the UK, US, Canada, India, UAE and Australia.
The criminal or group of criminals responsible have constructed a Telegram bot to act as a search function for the data.
Potential buyers can now use the bot to divide through the data to find phone numbers that correspond to user IDs or vice versa with the full information being unlocked after paying for query “credits.” Those credits start at $20 for a single search and get cheaper if bought in bulk.
The Cyber Security researcher Alon Gal, who found this vulnerability says that the person who runs the bot claims to have the information of 533 million users, which came from a Facebook vulnerability that was patched in 2020.
“In early 2019 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries.” Alon Gal said.
Also, Alon Gal mentioned “Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts. This obviously has a huge impact on privacy.” along with the proof as below in one of his tweets.
Full list of affected users by country pic.twitter.com/Wrrzd0WyxE
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
In the above tweet, the date shows January 14, 2021. That means it has been discovered early this week but the news rolled out to the world after the post released by Vice’s Motherboard.
By 2019, Facebook already had more than 2 billion users worldwide. And the ease of access for this new bot means that even unsophisticated cybercriminals or hackers can obtain the information.
“It is important that Facebook notify its users of this breach so they are less likely to fall victim to different hacking and social engineering attempts,” Alon Gal added.
Additionally, in 2018 there was a security flaw in Facebook that a software bug exposed the photos of up to 6.8 million @Facebook users, including pictures they had not posted. Several third-party apps had access to “a broader set of photos than usual” for 12 days in September, FB said. Affected users will be notified.
Every year Facebook and other platform users are facing difficulties with this kind of security flaws news and people are worried about using the social network platform. Also, people are becoming aware of their privacy, which we all came to know recently with the WhatsApp policy update. Where millions of user turned to secure sides like Signal and Telegram
