Mobile phone numbers of close to 500 million Facebook users are available for sale via an automated Telegram bot, reported Motherboard. The website was first alerted about the bot by Alon Gal, who is the co-founder and CTO of cybersecurity firm Hudson Rock.
According to Gal, a vulnerability that was reported in 2020, and patched as well, was exploited to create a database containing the information of 533 million users across all countries. This includes data on Facebook users from countries including India, Australia, the US, and Canada. In India, the data of over 6,162,450 users has been affected.
Although the data is from 2019, it still poses a privacy and security risk for people whose phone numbers have been exposed. It is uncommon for users to change their phone numbers every year, so a large number of users might still have the same exposed phone number associated with their Facebook account.
In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information of 533m users across all countries.
It was severely under-reported and today the database became much more worrisome 1/2 pic.twitter.com/ryQ5HuF1Cm
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
“It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing and other fraudulent activities by bad actors,” Gal said.
The Telegram bot allows for identifying a person’s Facebook user ID if someone has their phone number and vice versa. “The initial results from the bot are redacted, but users can buy credits to reveal the full phone number. One credit is $20, with prices stretching up to $5,000 for 10,000 credits,” as per the Motherboard report.
This is not the first time that Facebook has come under the scanner for how it handles the privacy of users. In December 2019, details of over 267 million Facebook users' IDs, phone numbers, and names were compromised. According to Comparitech, Bob Diachenko, a security researcher, uncovered the database, which was uploaded as a single file.