Facebook user's data breached — phone numbers being sold via Telegram bot

Shutterstock
(Image credit: Shutterstock)

Access to phone numbers on Facebook is being sold via an automated Telegram bot, with the creator claiming to have data on 533 million users.  

Reported on Vice's Motherboard, the breach was spotted by CTO of cybersecurity firm Hudson Rock, Alon Gal, on a cybercrime community forum, with the bad actor advertising the Telegram bot that is selling access to its database. The bot easily lets users see the telephone numbers of who they want.

The Telegram bot works by letting users either enter a phone number to see what Facebook user it belongs to, or enter a Facebook user's name to get their phone number.

The service isn't free. Users require credits to gain access to a full telephone number, with one credit costing $20. However, there's also bulk-buying, with $5,000 worth 10,000 credits. 

Facebook has stated the bot has access to data before an update in August 2019, and that data from new Facebook users or update profiles added after this date is not included in the database. However, it still contains the phone numbers and Facebook user's names prior to this, meaning those who haven't change their numbers are still vulnerable.

Thanks to a two-factor authentication system from Facebook, many have entered their phone numbers supposedly as a way to increase security. This has clearly backfired. 

See more

According to a tweet from Gal, the bot has a list of data from over 100 countries, from the USA and Europe to Asia and Australia. Gal also posted a tweet stating that it had been used as recently as January 12, 2021, meaning it's still very much in use.

There have yet to be updates on whether security will be put in place to stop the bot from accessing phone numbers and Facebook user's data, but there's sure to be a call to action from Facebook soon (hopefully). 

Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.