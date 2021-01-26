



The vulnerability allows almost anyone to access phone numbers linked to Facebook accounts around the world.

In an obvious security breach, the mobile numbers of over 500 million Facebook users are for sale through Telegram bots. According to security researcher Alon Gal (via Motherboard), the data contains the phone numbers of Indian users over 600,000 rupees. This issue was first highlighted by Gal on Twitter, a microblogging site.

According to Gal, the bot runner claimed that the information for 533 million Facebook users came from a vulnerability patched by social media giants in 2019.

However, this vulnerability allows almost anyone to access phone numbers linked to Facebook accounts around the world. It has been exploited to create a database of social media user accounts and their numbers and is currently sold through bots.

In early 2020, a vulnerability that allowed us to see phone numbers linked to all Facebook accounts was exploited to create a database containing information on 533 million users in all countries.

It’s badly underreported and the database is much more worrisome today 1/2 pic.twitter.com/ryQ5HuF1Cm

Alon Gal (Under the Breach) (@ UnderTheBreach) January 14, 2021

Anyone who knows a person’s phone number can use the Telegram bot to find their Facebook user ID and vice versa. However, anyone who wants to access the information has to pay for it, which costs them 1 credit. The person behind this bot sells a phone number or Facebook user ID for $ 20. There is also bulk pricing for the data. The bot has revised the charge of US $ 5,000 for 10,000 credits.

Complete list of affected users by country pic.twitter.com/Wrrzd0WyxE

— Alon Gal (UndertheBreach) (@ UnderTheBreach) January 14, 2021

The Telegram bot is said to have been in operation since at least January 12, 2021, but the data provided is for 2019. However, the data is accurate because few people change their phone numbers frequently. According to security researchers, user data from more than 100 countries is for sale through bots.

Gal said the issue was underreported when it was first highlighted, despite serious privacy concerns.

