The database contains information on 500 million Facebook users, a person advertising the service told Motherboard. The data is reportedly related to a vulnerability that the Mark Zuckerberg-led company fixed in August 2019.
Vice tested the bot and found that initial results from the Telegram bot are redacted but they can be revealed by buying credits. Each credit is $20 and prices range up to $5,000 for 10,000 credits. Someone has gotten their hands on a database full of Facebook users’ phone numbers, and is now selling that data using a Telegram bot, according to a report by Motherboard.
The security researcher who found this vulnerability, Alon Gal, says that the person who runs the bot claims to have the information of 533 million users, which came from a Facebook vulnerability that was patched in 2019. With many databases, some amount of technical skill is required to find any useful data.
And there often has to be an interaction between the person with the database and the person trying to get information out of it, as the database’s “owner” isn’t going to just give someone else all that valuable data. Making a Telegram bot, however, solves both of these issues.
– Security researcher Alon Gal reported on Twitter that a Telegram bot was created that carried sensitive information of scores of Facebook users. “In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries. It was severely under-reported and today the database became much more worrisome,” he wrote.
– A report by Motherboard had stated that the bot on Telegram lets users find the phone number of another user if they have that person’s Facebook ID and if the user has the phone number of the person, he can get his Facebook ID. However, in order to access such sensitive information, the user will have to pay the person behind the bot $20. The bot is also selling information in bulk. For 10,000 credits the bot is charging $5,000.
– Gal in his report had revealed that users from over 100 countries have been affected in this major data breach. “Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts. This obviously has a huge impact on privacy,” he added.
– Gal has shared some of the screenshots of the data exposed on the Telegram bot. It shows that the bot has been active since January 12, 2021, but it carries data of users’ from 2019. “It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing and other fraudulent activities by bad actors. It is important that Facebook notify its users of this breach so they are less likely to fall victim to different hacking and social engineering attempts,” Gal told Motherboard.
Comments are closed.