A Telegram bot is flogging the phone numbers of Facebook users

Telegram
(Image credit: Shutterstock)

A database of phone numbers belonging to a reported 533 million Facebook users is being offered around by a Telegram bot. The secure messaging app is being misused to allow individuals to acquire sensitive information without the owner’s consent, and without even having to interact with the unnamed individual that is running the bot.

According to reports, the Facebook information being offered around by the Telegram bot stems from a 2019 vulnerability that has since been patched. If an individual knows a person’s Facebook ID, they can use the bot to acquire the corresponding telephone number. Conversely, if an individual knows someone’s phone number, the bot can be used to find out that person’s Facebook ID.

The Telegram bot is not in the business of giving away sensitive information for free, however. Unlocking a single piece of information costs one credit, which will set you back $20. Bulk discounts are available, with 10,000 credits on offer for $5,000.

Data for sale

Reports of the Telegram bot started emerging a couple of weeks ago, which is a pretty embarrassing development for Facebook given that it usually asks for a person’s phone number so it can enable two-factor authentication. A data breach, even one that is two years old, has turned this security feature into a potential vector for follow-up attacks.

It is not clear who is behind the Telegram bot, but the messaging app should probably get the bot taken down as soon as possible. The more opportunity it has to sell sensitive information, the greater the likelihood of affected Facebook users being targeted by phishing attempts and other fraudulent activity.

Although disabling the Telegram bot will not remove the data stemming from the 2019 Facebook breach from the web, it will at least shut down one avenue of accessing it.

Via The Verge

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Latest in News
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI