A hacker is selling over 500 million Facebook users’ phone numbers through a Telegram bot, according to Motherboard.
Alon Gal, o-founder and CTO of cybersecurity firm Hudson Rock, who Motherboard of the breach, says that the data originated from a 2019 Facebook vulnerability.
Gal tweeted that the vulnerability was exploited in early 2020, allowing an attacker to see the phone number linked to each affected Facebook account. He added that the breach that allowed the hacker to access account information for 533 million Facebook users was under-reported at the time it happened.
Telegram bot allows matching ID and phone numbers for 533 million Facebook users
Motherboard says the Telegram bot claims to have information for Facebook users from the US, Canada, the UK, Australia, and more than a dozen other countries.
“Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts,” tweeted Gal.
The Telegram bot allows a person with a Facebook user’s ID to find their corresponding telephone number. Similarly, a searcher could find the user’s ID if they already have the Facebook user’s mobile number. The bot shows redacted information, for free users, but a searcher could pay to view the complete information.
The Telegram bot owner charges one credit worth $20 to view the results for a single search, while bulk users could buy 10,000 credits for $5,000.
Based on screenshots shared by Gal, Motherboard says the telegram bot was in operation since January 12, 2021.
Upon launch, the Telegram bot displays the message, “The bot helps to find out the cellular phone numbers of Facebook users.”
Authenticity of Facebook user information confirmed
Motherboard tested the bot and confirmed that the breached data was authentic even for users who hid their number from their public profile. This implies that Facebook users who turned on two-factor authentication for account recovery could also have their phone numbers exposed through the Telegram bot.
Even worse, the Telegram bot allows interested parties to access Facebook users’ information easily without the need for any technical expertise. This makes the data widely accessible to potentially more threat actors.
Gal said that the sale of such a vast amount of information severely affected Facebook users’ privacy and exposed them to potential fraudulent activities by bad actors.
It was unclear whether Motherboard contacted Telegram to remove the bot. Although the Telegram bot could be taken down, the hackers still have the data and could still find other channels for selling Facebook users’ information. However, shutting down the Telegram bot reduces the spread of the illegally obtained information.
When contacted by Motherboard, Facebook said the information was leaked before it fixed the contact vulnerability and new IDs created. The social media giant said it tested the Telegram bot with newer Facebook data and received no results. Even if Facebook’s claims were true, millions of Facebook users’ accurate information was still circulating.