Report: Facebook users’ phone numbers for sale on Telegram

The Telegram bot has been advertised by a user on a low level cybercriminal forum who claimed to have a database containing 500 million users. — AP

An automated bot on Telegram is leaking private information belonging to users on Facebook, according to a report by Motherboard.

The website explained that the bot helps users to look up mobile phone numbers belonging to Facebook users. It can also bring up a user’s Facebook ID based on a provided phone number.

The bot claimed to be able to provide information belonging to users in the United States, Canada, United Kingdom, Australia and 15 other countries.

The results will be redacted and users will be prompted to purchase credits to access the full details. Prices start from US$20 (RM81) for one credit to US$5,000 (RM20,242) for 10,000 credits, according to the report.

Motherboard stated that it has tested the bot and claimed that the bot produced a genuine phone number belonging to a Facebook user who never publicised the number.

The Telegram bot is being advertised by a user on a low-level cybercriminal forum who claimed to have a database containing 500 million users.

Cybersecurity firm Hudson Rock, which alerted the website about the Telegram bot, said the finding is “worrying” as it exposes users’ privacy and could lead to them becoming targeted by fraudsters.

The data was believed to have originated from a vulnerability that Facebook said it had fixed in 2019. The website was able to gather a sample of the bot’s data and shared it with Facebook.

Facebook said the IDs from the data were created prior to its fix of the contact vulnerability, adding that it tested the bot against newer data and the bot did not return any results.

However, Facebook users whose phone numbers have not changed since 2019 may still be vulnerable, according to the website.

In 2019, TechCrunch reported that more than 419 million records containing Facebook users’ IDs and phone numbers were exposed on a server online. It claimed that the server was not password-protected, which means anyone can access the data.

Facebook said the data set on the server was old and may have been obtained prior to the company removing the feature to let users search for others using phone numbers. That feature was removed in 2018.

It added that the data set has been taken down and there was “no evidence” of Facebook accounts being compromised.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 18
Cxense type: free
User access status: 3

Did you find this article insightful?


100% readers found this article insightful

Next In Tech News

Hackers breach thousands of Microsoft customers around the world
Bitcoin rises 4.2% to $50,947.94
Twitter founder’s auction of a tweet draws US$2 mil bid
Meet the tiny drones that could one day do the work of insects
This US startup is building tiny injectable robots to attack tumours
Smartphone app helps eye patients monitor vision from home
Manhattan’s real estate agents take up TikTok to find renters
SoundCloud to be first music app with 'fan-powered' artist payments
Russian, Chinese hackers targeted Europe drug regulator - newspaper
Bezos gets fraction of legal fees from girlfriend’s brother

Stories You'll Enjoy