Millions of leaked Facebook phone numbers are exposed and being sold via a Telegram bot.
A major security breach fixed by Facebook in 2019 continues to offer high risk to the social network’s users: The phone numbers of 533 million accounts were leaked thanks to a massive attack. And now access to that list is even easier: Anyone can learn the phone number of a Facebook user affected by the leak just by using a Telegram bot.
Facebook has been harboring serious security concerns for a few years now, especially after scandals such as Cambridge Analytica. There have been notorious leaks of user data thanks to unauthorized access to Facebook; Such as Cambridge Analytica itself or one less known, the leak of 533 million phone numbers. That database dumped directly from Facebook due to an already patched vulnerability, has been posing a risk since 2019. Especially when a Telegram bot is enough to discover the phone number of a Facebook user.
Millions of leaked Facebook phone numbers exposed in Telegram bot
The Facebook vulnerability that made it possible to obtain the phone number associated with any user was fixed in 2019. This implies that the database that has been circulating since then has a certain age; Without this meaning that the data is outdated because it is usual not to change phone numbers frequently. And that anyone can obtain such private data by asking a simple bot is a major breach of privacy.
As discovered by Motherboard, following a report by Alon Gal, the aforementioned Telegram bot works as expected. The user behind the bot is unknown, even if he offers the information for a fee. Because it is not enough to ask the Telegram bot, you first have to pay for the service: $20 for a single query (one credit); $5,000 for mass access (10,000 credits).
Motherboard verified that the phone numbers associated with the Facebook ID are correct. This puts 533 million users worldwide.
If you have a Facebook account to which you have added your phone number, we recommend that you activate the two-step verification. In case you changed your number after August 2019 you are not affected by the database leak; However, it is advisable to add a second step at the start of Facebook. You can also delete the account from the platform.
