Someone was found selling Facebook users’ phone number using a Telegram bot, according to a recent report by Motherboard.
The database reportedly contains information of 533 million users, which came from a Facebook vulnerability that the company fixed in August 2019.
In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries.
It was severely under-reported and today the database became much more worrisome 1/2 pic.twitter.com/ryQ5HuF1Cm— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
According to the security researcher who found this vulnerability, the Facebook users’ phone numbers were being sold by the person using a Telegram bot.
The Telegram bot allowed “users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.” Gal said in a Twitter post. It is pertinent to mention that the database worked the other way and provided Facebook user ID linked to a specific phone number.
Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
This obviously has a huge impact on privacy. pic.twitter.com/lM1omndDET
The information was shared with Facebook and the company told Motherboard that the database only contained Facebook users’ phone numbers prior to the fix of the contact vulnerability.
Telegram bot has been running since at atleast January 12, 2021, according to the security researcher and even though the data is over 2 years old, it still presents a significant issue for people who linked their phone number to their Facebook account before August 2019.
The security researcher has also shared a list of countries where users have been affected by this specific data breach.
Full list of affected users by country pic.twitter.com/Wrrzd0WyxE— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
Read more: Best free VPNs for Android and iOS in 2021.