According to a report, phone numbers of 533 million Facebook users are currently being sold via a bot on the encrypted messaging platform Telegram. The data came from a Facebook vulnerability that was patched by the social network.
According to a report in Motherboard, the person selling the database filled with Facebook users' phone numbers (it's $20 per number) lets customers look up those numbers by using an automated Telegram bot. Alon Gal, co-founder and CTO of cybersecurity firm Hudson Rock, first raised the alert about the Telegram bot selling Facebook users' information.
"It is extremely worrying to ascertain a database of that size being sold in cybercrime communities, it harms our privacy severely and can certainly be used for smishing (the fraudulent practice of sending text messages) and other fraudulent activities by bad actors," Gal was quoted as saying in the report that came out on Monday.
Although the data may be a bit old, it still presents a cybersecurity and privacy risk to those whose phone numbers may be exposed.
"Facebook told Motherboard the info relates to a vulnerability the company fixed in August 2019". The Telegram bot lets users enter either a telephone number to receive the corresponding user's Facebook ID, or vice versa.
"The initial results from the bot are redacted, but users can purchase credits to reveal the complete telephone number. One credit is $20, with prices stretching up to $5,000 for 10,000 credits," the report mentioned. The bot claims to contain information on Facebook users from the US, Canada, the UK, Australia and 15 other countries. The Telegram bot has been running since at least January 12.
Neither Facebook nor Telegram had yet officially commented on the report. "It is vital that Facebook notify its users of this breach, in order that they are less likely to fall victim to different hacking and social engineering attempts," Gal said. In December last year, reports surfaced that a bug exposed private information such as email addresses and birthdays of Instagram users.
Saugat Pokharel, an experienced bug hunter from Nepal, discovered the bug. The attack used Facebook's Business Suite tool, available to any Facebook business account, reported The Verge. According to a Facebook spokesperson, the bug was only accessible for a brief period of time during a small test.
"A researcher reported a problem where, if someone was a part of a small test we ran in October for business accounts, personal information of the person they were messaging could have been revealed," the company spokesperson had said.