Another day, another Facebook data privacy scandal.
According to a recent report by Motherboard, security researcher Alon Gal found that someone has obtained a database of Facebook users’ phone numbers and is selling access to it via a Telegram bot. Gal claims that the person has access to a database with information on 533 million users, which came from a Facebook vulnerability exposed and patched in 2019.
Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.
This obviously has a huge impact on privacy.
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
Databases are usually encrypted, and to fish out useful information there has to be an interaction between the person holding the database and the person trying to get information out of it. A Telegram bot that digs out the data on request solves this problem, and the person in possession of the database knew this.
The bot is capable of doing two things:
- It can find a person’s phone number using their Facebook ID.
- It can find a person’s Facebook ID using their phone number.
The Motherboard report further details that accessing information like a phone number or Facebook ID costs one credit. The person behind the bot is selling one piece of information for $20. However, bulk prices, such as 10,000 credits for $5,000, are also available.
The bot went into operation on January 12, 2021, but the information being provided is two years old. Nevertheless, this is embarrassing for Facebook since the numbers collected were for two-factor authentication.
Gal has contacted Telegram to take the bot down. However, no response has been received yet.