A Telegram bot is flogging the phone numbers of Facebook users

News
By published

Data from a 2019 Facebook breach found to be for sale

Telegram
(Image credit: Shutterstock)

A database of phone numbers belonging to a reported 533 million Facebook users is being offered around by a Telegram bot. The secure messaging app is being misused to allow individuals to acquire sensitive information without the owner’s consent, and without even having to interact with the unnamed individual that is running the bot.

According to reports, the Facebook information being offered around by the Telegram bot stems from a 2019 vulnerability that has since been patched. If an individual knows a person’s Facebook ID, they can use the bot to acquire the corresponding telephone number. Conversely, if an individual knows someone’s phone number, the bot can be used to find out that person’s Facebook ID.

The Telegram bot is not in the business of giving away sensitive information for free, however. Unlocking a single piece of information costs one credit, which will set you back $20. Bulk discounts are available, with 10,000 credits on offer for $5,000.

Data for sale

Reports of the Telegram bot started emerging a couple of weeks ago, which is a pretty embarrassing development for Facebook given that it usually asks for a person’s phone number so it can enable two-factor authentication. A data breach, even one that is two years old, has turned this security feature into a potential vector for follow-up attacks.

It is not clear who is behind the Telegram bot, but the messaging app should probably get the bot taken down as soon as possible. The more opportunity it has to sell sensitive information, the greater the likelihood of affected Facebook users being targeted by phishing attempts and other fraudulent activity.

Although disabling the Telegram bot will not remove the data stemming from the 2019 Facebook breach from the web, it will at least shut down one avenue of accessing it.

Via The Verge

Barclay Ballard
Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.