Phone numbers of over 500 million Facebook users on sale through automated Telegram bot- Technology News, Firstpost
TechSamvadJan 28, 2021 16:39:03 IST
An automated telegram bot is selling data full of Facebook users’ phone numbers, according to a report by Motherboard. The security researcher who found this vulnerability, Alon Gal, says that the person who runs the bot claims to have the information of 533 million users, which came from a Facebook vulnerability that was patched in 2019.
In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries.
It was severely under-reported and today the database became much more worrisome 1/2 pic.twitter.com/ryQ5HuF1Cm
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.
This obviously has a huge impact on privacy. pic.twitter.com/lM1omndDET
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
Full list of affected users by country pic.twitter.com/Wrrzd0WyxE
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
Upon launch, the Telegram bot says “The bot helps to find out the cellular phone numbers of Facebook users,” according to Motherboard‘s tests.
The bot lets users enter either a phone number to receive the corresponding user’s Facebook ID, or visa versa. The initial results from the bot are redacted, but users can buy credits to reveal the full phone number. One credit is $20, with prices stretching up to $5,000 for 10,000 credits. The bot claims to contain information on Facebook users from the US, Canada, the UK, Australia, and 15 other countries.
Motherboard tested the bot and confirmed it contained the real phone number of a Facebook user who tries to keep this number private.
The bot has been running since at least 12 January 2021, according to screenshots posted by Gal, but the data it provides access to is from 2019.
