According to a report by Motherboard, someone has got their hands on a database filled with Facebook users’ phone numbers, and is now selling that data using a Telegram bot. The security researcher who found the vulnerability, Alon Gal, says that the person running the bot claims to have information on 533 million users, which came from a Facebook vulnerability that was patched in 2019.
With many databases, some technical skills are required to find any useful data. And often there must be an interaction between the person with the database and the person trying to get information out of it, because the “owner” of the database is not going to simply hand all that valuable data to someone else. However, creating a Telegram bot resolves both of these issues.
A few days ago a user created a Telegram bot, allowing users to query the database for a low fee, enabling people to find phone numbers associated with a very large portion of Facebook accounts.
This obviously has a huge impact on privacy. pic.twitter.com/lM1omndDET
– Alon Gal (Under the Breach) (@UnderTheBreach) 14 January 2021
The bot allows someone to do two things: if they have a person’s Facebook user ID, they can find that person’s phone number, and if they have a person’s phone number, they can get their Facebook user ID. Of course, actually getting access to the information you’re looking for costs money: unlocking a piece of information, such as a phone number or Facebook ID, costs a credit, which the person behind the bot is selling for $20. According to Motherboard’s report, wholesale pricing is also available, with 5,000 credits selling for $10,000.
According to a screenshot posted by Gal, the bot has been in operation since at least January 12, 2021, but the data it provides access to is from 2019. That is relatively old, but people do not often change phone numbers. This is particularly embarrassing for Facebook because it historically collected phone numbers from people with two-factor authentication turned on.
It is currently unknown whether Motherboard or security researchers have contacted Telegram to try to get the bot taken down, but hopefully this is something that can be shut down soon. That is not to paint too rosy a picture, though: the data still exists on the web, and has resurfaced twice since it was initially scraped in 2019. I’m just hoping that the easy access will be cut off.