Skip to main content

Facebook user's data breached — phone numbers being sold via Telegram bot

Shutterstock
(Image credit: Shutterstock)

Access to phone numbers on Facebook is being sold via an automated Telegram bot, with the creator claiming to have data on 533 million users.  

Reported on Vice's Motherboard, the breach was spotted by CTO of cybersecurity firm Hudson Rock, Alon Gal, on a cybercrime community forum, with the bad actor advertising the Telegram bot that is selling access to its database. The bot easily lets users see the telephone numbers of who they want.

The Telegram bot works by letting users either enter a phone number to see what Facebook user it belongs to, or enter a Facebook user's name to get their phone number.

The service isn't free. Users require credits to gain access to a full telephone number, with one credit costing $20. However, there's also bulk-buying, with $5,000 worth 10,000 credits. 

Facebook has stated the bot has access to data before an update in August 2019, and that data from new Facebook users or update profiles added after this date is not included in the database. However, it still contains the phone numbers and Facebook user's names prior to this, meaning those who haven't change their numbers are still vulnerable.

Thanks to a two-factor authentication system from Facebook, many have entered their phone numbers supposedly as a way to increase security. This has clearly backfired. 

See more

According to a tweet from Gal, the bot has a list of data from over 100 countries, from the USA and Europe to Asia and Australia. Gal also posted a tweet stating that it had been used as recently as January 12, 2021, meaning it's still very much in use.

There have yet to be updates on whether security will be put in place to stop the bot from accessing phone numbers and Facebook user's data, but there's sure to be a call to action from Facebook soon (hopefully).