A database that gives access to phone numbers and information of 533 Mn Facebook users from multiple countries including India, is up for sale via a Telegram bot.
The bot can help find the phone number of Facebook users by searching for their ID or find Facebook IDs by entering phone numbers. Alon Gal, Co-Founder & CTO, Hudson Rock, a cybersecurity firm was the first who alerted about the breach.
The news was first reported by Motherboard, the tech arm of Vice. Facebook told Motherboard the data relates to a vulnerability the company fixed in August 2019. But the exposed data can still be used for fraudulent, phishing, or cybercrime activities.
The portal tested the bot and confirmed the database contained the number of a real Facebook user. The prices stretch from 20 USD to 5,000 USD, and the data can be obtained via completing the transaction from a credit points system, anyone purchase credits, and then use the credits to buy phone numbers. Gal mentioned he first found the vulnerability in around early 2020, but it went severely under-reported.
Also Read: CAIT requests ban on WhatsApp & Facebook due to the new Privacy Policy
In late 2019, a discovery by reseachers highlighted Facebook users' phone numbers can be scraped in a mass. Motherboard provided a sample of the bot's data obtained by Gal to Facebook.
The platform said the data contained Facebook IDs created prior to fixing the vulnerability (in 2019) and the bot did not show any results when tested against newer data.
This means that the bot holds data of at least a quarter of Facebook users from more than a hundred countries, which includes 6,162,450 users from India.
This is not the first time Facebook user data has been exposed to vulnerabilities. The rational way to protect your data from being a victim of a privacy breach is to share limited information on and with the platform.
It is advisable to remove one's phone number from the Facebook account, as it is also a part of personally identifiable information, especially if it is linked to bank accounts or any other financial or sensitive activities. Users can remove their phone number by following these steps.