Facebook’s security has been exploited once again according to the evidence found by a security researcher, Alon Gal. The researcher has found that a user gained access to the phone numbers associated with users’ Facebook accounts and has now put them up for sale using a Telegram bot. The bot reportedly has the information of more than 500 million users.
The data was reportedly leaked in 2019 through a vulnerability that was fixed in August 2019. However, a database was subsequently found that had the phone numbers of more than 500 million users. Now the owner of the database has created a bot on Telegram that makes it very easy to retrieve the phone number associated with an account for a small fee i.e. one credit that is worth $20.
Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.
This obviously has a huge impact on privacy. pic.twitter.com/lM1omndDET
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
The database contains the phone numbers of users from more than 100 countries including the US, Canada, and the UK. If you added a phone number to Facebook before 2019, you might have been affected by the breach as well. The bot selling the users’ phone numbers has been live since January 12, 2021. Even though it contains the phone numbers from 2019, it is still a huge breach of privacy that impacts Facebook once again.