Date: 2021-01-26



According to a Motherboard report, someone has a database full of Facebook user phone numbers and is using a Telegram bot to sell that data. Security researcher Alon Gal, who discovered this vulnerability, said that the person running the bot claims to have information on 533 million users, derived from a Facebook vulnerability patched in 2019.

Many databases require some technical skill to find useful data. Also, database owners don't simply hand all of their valuable data to others, so there often has to be interaction between the database owner and those who are trying to get information from the database. However, creating a Telegram bot solves both of these problems.

A few days ago, a user created a Telegram bot that allowed users to query the database at a low cost to find phone numbers linked to most of their Facebook accounts.

This obviously has a big impact on privacy.

Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021

With the bot, you can find someone's phone number if you have their Facebook user ID, and their Facebook user ID if you have their phone number. Of course, it costs money to unlock the information you're actually looking for, such as a phone number or Facebook ID. Unlocking it costs 1 credit, which the person behind the bot sells for $20. Bulk prices are also available, with 10,000 credits selling for $5,000, according to the Motherboard report.

According to the screenshot posted by Gal, the bot has been running since at least January 12, 2021, but the data it makes accessible is from 2019. That is relatively old, but people don't change their phone numbers often. It's especially embarrassing for Facebook because it has historically collected phone numbers from people, including users who had two-factor authentication turned on.

At this time, it's unclear if Motherboard or a security researcher has contacted Telegram to remove the bot, but hopefully it can be cracked down on soon. The data is still on the web and has resurfaced several times since it was first scraped in 2019, so the picture is not very rosy. I hope that easy access will be blocked.







