Advertisement

Telegram Bot Sells Facebook Users' Phone Numbers

Over 500 million numbers are available, and are being sold for $20 a piece.

Access to a database of Facebook users' phone numbers is being sold by a user of a hacker forum through the use of a Telegram bot, as per a report by Motherboard.

The starting price is one credit per number, which is the equivalent of $20, with a discount for bulk buying 10,000 credits at $5,000. The data itself harkens from 2019, but the issues of privacy and data leaks are nevertheless pressing, and sadly, some we hear all to often nowadays.

Reportedly, 533 million Facebook users' numbers are available, and even though Facebook fixed the issue back in 2019, the information is clearly still there to be taken advantage of.

SEE ALSO: HACKER POSTS CREDENTIALS OF 2.28 MILLION DATING SITE USERS PUBLICLY

The security researcher who found the data breach, Alon Gal, told Motherboard "It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing and other fraudulent activities by bad actors."

Using a Telegram bot enables a hacker to do two things in this scenario, they can find someone's phone number if they have that person's Facebook user ID, alternatively, if they have the person's Facebook user ID they can then find their phone number. 

And in this case, it costs a certain amount of money, or credits, to retrieve this information. Hence the one credit for $20, or 10,000 credits for $5,000, as per Motherboard's information.

Gal posted some of their findings on Twitter, explaining that in early 2020 the vulnerability was discovered and taken advantage of, which then withdrew 533 million Facebook users' phone numbers from a number of countries. The reason this issue is resurfacing now is because a Telegram bot was used, which allows users to pay a fee to retrieve this information, which can be done on a large scale. 

Advertisement

The impact on privacy is huge and worrisome. 

It's uncertain whether Telegram has been contacted to remove the bot, but cyber security has to ramp up if protection of sensitive data is to be kept private.

Follow Us on

Stay on top of the latest engineering news

Just enter your email and we’ll take care of the rest:

By subscribing, you agree to our Terms of Use and Privacy Policy. You may unsubscribe at any time.