Cybersec firms catch Telegram bot selling Facebook phone numbers

Social media is a double-edged sword. On one hand, it allows you to keep connected to loved ones and keep up with the latest trends across the globe. On the other hand, it can be a privacy nightmare. Ever since the rise of social media platforms, it has been difficult to keep private information, well, private.

Privacy has become such a sensitive topic over the last few years that many users have become disillusioned with social media and have opted to disable their accounts. There have been many reports on people’s private information falling into other people’s hands, and it doesn’t seem like this kind of scenario will stop happening soon. Take this story involving two of the most popular social media platforms today: Facebook and Telegram.

Reports leaked out that the data of 500 million Facebook users is being sold by a Telegram bot on a cybercrime forum. The database was taken from Facebook two years ago, and it contains the users’ phone numbers. The implications? Well, apart from users’ phone numbers becoming public access, Telegram users can use the app to trace the phone numbers to the owners and use the information for their own purposes.

This data breach was first discovered by CTO and co-founder of cybersecurity firm Hudson Rock, Alon Gal. Gal then alerted Motherboard about the Telegram bot, saying: “It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing and other fraudulent activities by bad actors.”

The Telegram bot allows for users to either place in a user’s number to get their Facebook user ID or input a Facebook user ID to get that user’s phone number.

However, before users could get all the details, they need to pay credits. One credit is reported to cost $20, and users can buy 10,000 credits for $5,000. The bot is said to have collected information from users residing in nearly 20 countries across the globe. In a particularly alarming turn of events, Motherboard tried out the bot and was able to connect the real number of a user who privatized their details on Facebook.

It was reported that Facebook confirmed the leak and that it was from a security issue that they resolved back in August 2019. Current Facebook IDs are not part of this batch of phone numbers, but users who connected their phone number to their Facebook account prior to August 2019 may be a part of the list and could have their private information sold. This offers little comfort to users who may have created their Facebook accounts after that date because Facebook has always encouraged users to connect their phone numbers to their accounts for easier access.

The Telegram bot has been up and running since mid-January, and there is no news yet if it has been taken down.

If you like reading our content, why not show your appreciation by treating us to a cup of coffee? (or two, if you’re feeling generous)