It seems that the phone numbers (and corresponding site IDs) of about 500 million Facebook users are now being sold on a dark web cyber forum.
The offender or group of responsible criminals has built a Telegram bot to act as a search function for the data. Customers can now use the bot to filter through the data to find phone numbers that match a user’s IDs – or vice versa – with the complete information resolved after paying for “credits. ” These credits start at $ 20 for one check and get cheaper if purchased in bulk.
The activity was discovered by Alon Gal, co-founder and CTO of cybersecurity company Hudson Rock, issued about the scheme on his Twitter account, and reported by Joseph Cox, at Motherboard.
Facebook seems to be an insecure server containing account information of millions of users of the data store for sale here – although that vulnerability was discovered by researchers in 2019 and Facebook has on that has since been established. Gal has said that vulnerabilities have been exploited to “create a database containing the information of 533m users across the country.” (For unknown reasons, the bot itself only claims to sell information to users in 19 countries.)
G / O Media may receive a commission
“It is worrying to see a database of this size being sold in cyber communities, it seriously infringes on our privacy and will certainly be used for laughter and other deceptive actions by bad actors, ” Gal told Motherboard. “It is important that Facebook notifies its users of this breach so that they are less likely to suffer various hacking and social engineering efforts,” he said. We’ve reached out to Facebook for comments and will update if we hear back.
Telegram bots, a they were built to be adapted, have been increasingly involved in cyber scams, albeit in slightly different ways than in this case. Just recently, a report from researchers found bots be reduced in scam-as-a-service a scheme, where criminals were able to automatically communicate with potential victims of phishing. Similarly, a Buzzfeed report several years ago showed that the bots used by Bitcoin scammers to lure victims into online pump and dump schemes.