
Nearly 533 million Facebook users from over 100 countries are at risk of being targeted by malicious activity. A vulnerability discovered earlier allowed a notorious threat actor to create a database of Facebook users along with their phone numbers, which is now being sold on Telegram via a bot. Security researcher Alon Gal, who made this finding public on his Twitter handle, highlighted that this has a “huge impact on privacy.”
In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information of 533m users across all countries.
It was severely under-reported and today the database became much more worrisome 1/2
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
Not the First Time
In 2019, Facebook was marred by a similar incident in which it exposed 419 million records from across the globe. The records included users’ unique Facebook IDs and the phone numbers linked to their accounts. The exposure was due to a lapse in Facebook’s security: the database was not password-protected, which the social media giant fixed later. However, a Guardian report stated that Facebook was trying to downplay the impact of the breach considering the socio-political pressure it was under, especially from the EU in the wake of the Cambridge Analytica spill-out.
Gal claimed the same in the latest incident. He stated that the Telegram bot operator compiled the database in early 2020, when security researchers discovered a vulnerability that exposed the phone numbers of Facebook users. Facebook has since patched the vulnerability, so it no longer exists, but the company could be downplaying the actual number of affected users, since there is growing discontent against the social media giant’s data-sharing privacy policy, which it has currently put on hold.
The Telegram Bot
The threat actor who compiled this database has only come to notice because of a Telegram bot. This bot allows users to query its database for a minimal fee of $20. In an interview given to Motherboard, Gal said the threat actor also had a bulk offer running where 10,000 credits were being offered for $5,000. Buyers can pay the sum and input either a Facebook ID or a phone number to find details.
A few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.
This obviously has a huge impact on privacy.
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
It is worth noting that not all phone numbers might be valid since these were collected almost a year ago; however, since people do not change mobile phone numbers often, a large portion of these Facebook users are still vulnerable.