Facebook user IDs, phone numbers of over 500 million users up for sale via Telegram bot

Mobile phone numbers of close to 500 million Facebook users are available for sale via an automated Telegram bot, reported Motherboard. The website was first alerted about the bot by Alon Gal, who is the co-founder and CTO of cybersecurity firm Hudson Rock.

According to Gal, a vulnerability that was reported in 2020 and patched as well, was exploited to create a database containing the information of 533 million users across all countries. This includes data on Facebook users from countries including India, Australia, the US, and Canada. In India, data of over 6,162,450 users have been affected.

Although the data is from 2019, it still poses a privacy and security risk for people whose phone numbers have been exposed. It is uncommon that users change their phone numbers every year, so a large number of users who might still have the same phone number associated with their Facebook account, which has been exposed.

“It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing and other fraudulent activities by bad actors,” Gal said.

The Telegram bot allows for identifying a person’s Facebook user ID if someone has their phone number and vice versa. “The initial results from the bot are redacted, but users can buy credits to reveal the full phone number. One credit is $20, with prices stretching up to $5,000 for 10,000 credits,” as per the Motherboard report.

This is not the first time that Facebook has come under the scanner for how it handles the privacy of users. In December 2019, details of over 267 million Facebook user’s IDs, phone numbers, and names were compromised. According to Comparitech, Bob Diachenko, a security researcher uncovered the database, which uploaded as a single file.

Go to Source

Leave a Reply

Your email address will not be published.