Someone got their hands on a database full of phone numbers of Facebook users and is now selling that data using a Telegram bot, according to a report by Motherboard. The security researcher who found this vulnerability, Alon Gal, says that the person running the bot claims to have information from 533 million users, which came from a Facebook vulnerability patched in 2019.
With many databases, some technical skill is required to find useful data. And there often has to be an interaction between the person who owns the database and the person trying to extract information from it, because the “owner” of the database is not going to just give someone else all this valuable data. However, creating a Telegram bot solves both of these issues.
A few days ago, a user created a Telegram bot that allows users to query the database for a nominal fee, allowing people to find the phone numbers linked to a huge chunk of Facebook accounts.
This obviously has a huge impact on privacy. pic.twitter.com/lM1omndDET
– Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
The bot allows someone to do two things: if they have a person’s Facebook user ID, they can find that person’s phone number, and if they have a person’s phone number, they can find that person’s Facebook user ID. Accessing the information costs money, of course: unlocking a piece of information, like a phone number or Facebook ID, costs one credit, which the person behind the bot sells for $20. There is also bulk pricing available, with 10,000 credits sold for $5,000, according to the Motherboard report.
The bot has been running since at least January 12, 2021, according to screenshots released by Gal, but the data it provides access to is from 2019. It’s relatively old, but people don’t change their phone numbers often. This is particularly embarrassing for Facebook as it historically collected phone numbers from people, including users who turned on two-factor authentication.
At the moment, we don’t know if Motherboard or security researchers have contacted Telegram to try to get the bot taken down, but hopefully this is something that can be clamped down on soon. This isn’t to paint an overly rosy picture, however: the data is still out there on the web, and it has resurfaced several times since it was originally scraped in 2019. I just hope the easy access will be cut off.