The mobile phone numbers of nearly 500 million Facebook users are for sale through a Telegram bot, according to a report by Motherboard. The data includes the numbers of around 6 lakh Indian users, according to security researcher Alon Gal, who first highlighted the problem on his Twitter account.
According to Gal, the user running the bot is exploiting a Facebook vulnerability that was reported in 2020 and has also been patched. While it existed, the vulnerability allowed anyone to access the phone number associated with each Facebook account across all countries. It was used to create a database of Facebook user accounts and their mobile numbers, which is now being sold through the bot.
This is not the first time an issue has been reported with how Facebook secures user data, especially mobile numbers. In 2019, it was reported that the mobile phone numbers of nearly 419 million Facebook users had been found on an unsecured server, which the company admitted was a problem and later fixed.
It’s worth noting that the data provided by the Telegram bot is from 2019. But given that few people change their phone number from year to year, the information being sold is likely to be accurate. The security researcher has reported that consumers from over 100 countries are affected. In India, this affects over 6,162,450 consumers.
According to Motherboard, anyone who has a person’s phone number can find that person’s Facebook user ID with the help of the Telegram bot, and the reverse lookup is also offered. But to access the information, they have to pay. The person who created the Telegram bot sells a phone number or Facebook ID for $20, which is around Rs 1,460 in India. The bot also sells Facebook user data in bulk. For 10,000 credits, the bot charges $5,000 (about Rs 3,65,160), the report adds.
In early 2020 a vulnerability was exploited which enabled the phone number to be linked to each Facebook account, creating a database containing the information of 533m users across all countries.
It was seriously under-reported and today the database became much more worrying 1/2
– Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
Gal notes that this is a serious privacy concern. He also said that the issue was under-reported when it was first highlighted and that the database has become much more worrying today. He told Motherboard that the data can be used for “smishing and other fraudulent activities by bad actors,” adding that Facebook should inform users of this problem.