It has not taken long for Facebook to be involved with a cybersecurity threat in 2021. This latest one was discovered by the team at Motherboard, who were tipped by co-founder and CTO of Hudson Rock, Alon Gal, after a Telegram bot was found to be selling Facebook user phone numbers for $20 each.
The bot claims to have the data of more than 533 million Facebook users on hand, which was pilfered following a patched vulnerability on the platform in August of 2019, the company told Motherboard. It is also said that the information that was pulled from an exposed database is several years old but, regardless of this, still represents a significant cybersecurity threat for any users who are a part of said database.
Unsurprisingly, Facebook has remained tight lipped regarding any other elements of this newly discovered cyberthreat, but Telegram has been able to provide some insight. “The bot helps to find out the cellular phone numbers of Facebook users,” the company says.
Doing its own poking and prodding, Motherboard says that the bot can be used to pull a Facebook ID by plugging in someone’s phone number, with it working vice versa too.
It is also taking credits, at $20 each for access to a phone number or corresponding data, with bulk payments going as high as $5 000 for 10 000 credits.
Gal adds that the bot has been active since roughly 12th January 2021, having shared some screenshots of it on Twitter recently, with said information indeed linked to 2019. While that may not be the most recent information, people very seldom change their mobile contact number in this day and age, and as such, the data will likely prove valuable to those with nefarious intent.
It remains to be seen whether Telegram has been contacted in order to shut down the bot, or whether that is indeed within its purview. Either way, one of these social media platforms needs to act swiftly in order to clamp down on the illicit sharing of user information.
[Source – Motherboard]