Data breaches are nothing new when it comes to various websites and social networks. Recently a cybercriminal forum has begun selling access to what it claims to be a database of phone numbers that belong to Facebook users. The bot network claims to allow customers to look up phone numbers using an automated Telegram bot. The data reportedly appears to be several years old but still represents a cybersecurity and privacy risk for those who own the numbers.
Considering that people rarely change phone numbers, odds are many of the phone numbers are accurate. One of the cybercriminals advertising the bot service says that the database contains information on 500 million users. Facebook has reportedly stated that the data relates to a vulnerability that the company patched in August 2019.
The existence of the botnet was first announced by Alon Gal, co-founder, and CTO of cybersecurity firm Hudson Rock. The bot helps find cellular phone numbers for Facebook users, according to publication Motherboard. It lets users either enter a phone number and receive the corresponding user’s Facebook ID or enter the Facebook ID and receive their phone number.
The hackers offer free access that allows users to look up information, but the information is redacted. Those wanting to get the phone number or Facebook ID can buy a single credit for $20 or 10,000 credits for $5000. The database also allegedly has information on Facebook users from the US, Canada, UK, Australia, and 15 other countries.
The data was leaked back in 2019 after hackers found it was possible to scrape the phone numbers of Facebook users. Facebook claims to have tested the bot itself with newer data, and no results were returned. The social network explained that the contents of the database were created before it fixed the contact vulnerability.