A report says a bot was created by a cybercriminal that sold access to 553 million mobile phone numbers of Facebook users through the Telegram messaging app.
In the latest trouble for Facebook, the person is selling the database full of Facebook users' phone numbers. It was selling per number for $20 stretching up to $5,000 for 10,000 credits. It allows the customers to look up those numbers by using an automated Telegram bot. The information was leaked due to a vulnerability found on Facebook in “August 2019.”
A Telegram support representative said that the bot had been hindered by Tuesday morning. Yet, it's not satisfactory that when precisely it was disabled and for how long it was active on the platform.
"It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing (the fraudulent practice of sending text messages) and other fraudulent activities by bad actors," Gal was quoted in a Monday report.
The co-founder and CTO of cybersecurity firm Hudson Rock, Alon Gal, spotted it about two weeks ago and alerted the Telegram bot selling Facebook users' information.
Gal told Motherboard, “It is important that Facebook notify its users of this breach so they are less likely to fall victim to different hacking and social engineering attempts,”
The bot claims to contain dozens of country users' information on Facebook including the US, Canada, the UK, Australia, and 15 other countries.
At least this Telegram bot has been running since January 12.
“This is old data, we found and fixed this issue in August 2019.” a Facebook spokesperson told.
The Telegram bot didn’t return any matches when Facebook tried to check it against newer user data, the tech giant added.
In November, Facebook fixed a critical bug in its Messenger app that could have allowed hackers to connect audio calls without the knowledge or approval from the app user.
The vulnerability could have been used to spy on Facebook users via Android phones
Read more: Facebook sued developers for allegedly violating its terms of service.
