According to the security researcher who found this vulnerability, Facebook users’ phone numbers were being sold by a person using a Telegram bot.
The Telegram bot allowed “users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts,” Gal said in a Twitter post. It is worth noting that the database also worked the other way, providing the Facebook user ID linked to a specific phone number.
A few days ago, a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.
The information was shared with Facebook and the company told Motherboard that the database only contained Facebook users’ phone numbers prior to the fix of the contact vulnerability.
The Telegram bot has been running since at least January 12, 2021, according to the security researcher, and even though the data is over 2 years old, it still presents a significant issue for people who linked their phone number to their Facebook account before August 2019.
The security researcher has also shared a list of countries where users have been affected by this specific data breach.