Access to a database that reportedly contains phone numbers belonging to Facebook users is being sold on a cybercrime forum.
Motherboard reports that although the data is old, it still poses a privacy risk. The person who runs the bot claims that the database contains the phone numbers of over 500 million Facebook users. The social media giant has said the data relates to a vulnerability it patched in August 2019.
The database can allow people to look up those numbers by using an automated Telegram bot, according to Alon Gal, the security researcher who found the vulnerability.
Technical skill is required to find information from these types of databases, but creating a Telegram bot that can find data makes it easier for bad actors to access the information.
The report outlines that the bot lets users enter a phone number to find the Facebook user ID connected to it or vice versa. The information is redacted but users can purchase credits to see the full phone number.
Further, the bot claims to have information on Facebook users from Canada, the United States, the United Kingdom, Australia and 15 other countries.
Motherboard tested the bot and found that the database contains the actual phone number of a Facebook user with a private account.
Although the data is from 2019, people don’t change their phone numbers that often, which makes the situation worrying. It’s unknown if Telegram has been contacted about the bot, but hopefully it can be taken down soon.
However, it’s possible that the data will still remain on the web. If the bot is taken down, it removes easy access to the database, which could remedy the situation slightly.