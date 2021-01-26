Facebook Users' Phone Numbers Are For Sale Through Telegram Bot PA Images/Pixabay

Facebook appears to have suffered a disturbing privacy breach, with millions of its users’ phone numbers appearing for sale through a Telegram bot.

The bot, which was uncovered on the messaging app by a cybersecurity researcher, is reportedly being used by a ‘low level’ lone-wolf cybercriminal to sell access to a hacked database of phone numbers. According to Motherboard, the bot lets users find whether a person’s phone number is on the database by entering their Facebook ID, or vice versa, before prompting them to buy ‘credits’ to see the unredacted phone number.

Approximately 533 million phone numbers are advertised as available through the database, which claims to have collected the information of users from more than a dozen countries, including the US, UK, Canada and Australia. As of 2020, Facebook has 2.6 billion monthly users worldwide.

PA Images

Getting full access to the phone numbers isn’t particularly cheap, with individual unredacted numbers costing $20 each. The bot advertises a range of available credit options, with the biggest one offering access to 10,000 numbers for $5,000.

The data available through the hack is a couple of years old, but it will almost certainly contain millions of phone numbers still currently in use, and could be used for a whole range of purposes ranging from scam calls to targeted harassment.

Whereas most large databases obtained through leaks and hacks require some form of technical ability to make sense of them, this bot claims to allow anyone to search and pay for either single or multiple phone numbers through a straightforward transaction.

PA Images

Cybersecurity expert Alon Gal, who first raised the alarm about the bot, said that the fact that such a large database was being made so easily accessible through Telegram was ‘very worrying’, adding that ‘it harms our privacy severely and will certainly be used for smishing [SMS phishing] and other fraudulent activities by bad actors’.

Aside from the downright creepy idea of your phone number being available to anyone without you knowing about it, the breach also has other worrying implications for our online security. Facebook also uses phone numbers as one of its main forms of two-factor authentication, while several social media and messaging apps let you search for a person’s account using their phone number.

Facebook has told Motherboard that it fixed the vulnerability that led to the hack back in August 2019, but if you’re one of the 500 million people whose phone number is up for sale, that probably won’t be of much reassurance.