Facebook has a lot more to worry about regarding user privacy. The latest information surrounding the social media giant has it that a hacker intruded on Facebook’s data systems and made away with the phone numbers of over 500 million users. The same hacker is now selling the data to the highest bidder using a Telegram bot, the Verge reports.
Research by Alon Gal, the researcher who reported this vulnerability on Facebook, showed that the hacker was able to make away with such large amounts of users’ data due to a Facebook vulnerability that was only fixed in 2019. Gal, a co-founder, and CTO of the cybersecurity firm Hudson Rock tweeted about the illegal venture via his handle.
It can be pretty hard to access users’ data since a person needs some level of IT knowledge to achieve this. And again, the person trying to obtain vital data from a user would have to try and engage with his potential victim. This is where the need for a Telegram bot comes since it reduces the workload on the hacker.
With a bot, a hacker can obtain a person’s Facebook user ID and phone numbers. Armed with a user’s ID, they can obtain a phone number, and armed with a phone number, they can obtain an ID. It goes both ways. However, getting such vital information about a person would cost some amount of money.
The going rate for a Facebook user ID is about one credit, which the hacker sells for $20. However, anyone that has a need for 10,000 credits would have to cough out $5,000, Gizmodo writes.
According to the report by Gal, the Telegram bot has been up and running since January 12, 2021. However, a drawback to this bot is that it only provides data of users from 2019 till date. That is about three years back, but a large chunk of the phone numbers would still be valid as many people rarely change their phone numbers except the circumstances calls for it.
Facebook’s two-factor authentication security feature has also been called into question, as the bot had access to phone numbers of users who had the security feature enabled. It is yet to be established if researchers behind the new findings have reached out to Telegram to have the bot taken down from their platform. Notwithstanding, it is believed something will be done about it soon.
While Telegram tries to fix the bot, it is worthy to note that the hacked data has been on the web several times after it was removed. Facebook has been advised to warn its users about this security breach so that many do not fall victim to fraudulent schemes by hackers who have their phone numbers and IDs.