The bot enables someone to do 2 things: if they have an individuals Facebook user ID, they can discover that individuals phone number, and if they have an individuals phone number they can find their Facebook user ID. Of course, in fact getting access to the info youre looking for expenses cash– opening a piece of information, like a phone number or Facebook ID, costs one credit, which the individual behind the bot is offering for $20. Its particularly embarrassing for Facebook as it historically gathered phone numbers from individuals consisting of users who were turning on two-factor authentication.
Somebody has gotten their hands on a database filled with Facebook users phone numbers, and is now selling that information utilizing a Telegram bot, according to a report by Motherboard. The security scientist who discovered this vulnerability, Alon Gal, states that the individual who runs the bot claims to have the information of 533 million users, which originated from a Facebook vulnerability that was covered in 2019.
With many databases, some amount of technical ability is required to discover any helpful information. And there typically needs to be an interaction between the individual with the individual and the database attempting to get details out of it, as the databases “owner” isnt going to simply give someone else all that important data. Making a Telegram bot, nevertheless, fixes both of these concerns.
The bot allows someone to do two things: if they have an individuals Facebook user ID, they can find that individuals contact number, and if they have a persons telephone number they can find their Facebook user ID. Of course, really getting access to the details youre looking for costs money– opening a piece of info, like a phone number or Facebook ID, costs one credit, which the individual behind the bot is offering for $20. Theres likewise bulk prices available, with 10,000 credits costing $5,000, according to the Motherboard report.
The bot has actually been running given that at least January 12, 2021, according to screenshots posted by Gal, however the data it supplies access to is from 2019. Thats fairly old, but people dont change contact number that typically. Its especially embarrassing for Facebook as it historically collected telephone number from people consisting of users who were turning on two-factor authentication.
At the moment its unknown if Motherboard or security scientists have called Telegram to try to get the bot taken down, but ideally its something that can be clamped down on soon. Thats not to paint too rosy a photo, however– the data is still out there on the web, and its resurfaced a couple of times given that it was at first scraped in 2019. Im just hoping that the simple access will be cut off.
Couple of days ago a user developed a Telegram bot allowing users to query the database for a low fee, allowing individuals to discover the phone numbers linked to an extremely big portion of Facebook accounts.This undoubtedly has a big influence on personal privacy. pic.twitter.com/lM1omndDET— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021