What if someone gets access to all your database? What if someone intrudes on our privacy so often? This happened with Facebook. What we can only imagine has occurred with the most used social media application.
Someone has gotten the complete database of the users’ phone numbers. These phone numbers were attached to Facebook profiles.
Someone is selling those numbers using a Telegram bot. Motherboard reported this issue.
What is the issue?
Alon Gal, a security researcher, found this vulnerability that Facebook is facing. He claims that the person selling the numbers is having mobile numbers of 599 million users. This facebook vulnerability was patched back in 2019.
Having many databases, there is a need for tremendous technical skills. There is an interaction between the person having the database and the person who wants the information.
The owner of the database isn’t going to distribute all the data. Creating a Telegram bot will help solve both of these issues.
These bots are helpful at the time of hacking any valuable information. The bots are designed in such a manner that they perform two of their duties.
These bots can find the number of the person if it knows the Facebook user ID.
The bots can also easily find the Facebook user ID if they know the number. You might be thinking that this would cost money.
According to the motherboard reports, the hacker is buying that information on one credit and selling it for $20.
— The Verge (@verge) January 26, 2021
Is the user’s privacy safe on Facebook?
Through the bulk pricing feature, one can get 10000 credit for just $5000. Unlocking a piece of information associated with the user’s number and Facebook ID will only cost one credit.
According to the screenshots shared by Gal on Twitter, the bot is in operation since January 12, 2021.
But the data which is getting shared is from 2019. That is comparatively old, but the catch could be the non-changeable phone numbers.
More often, people don’t change their phone numbers every year. It is embarrassing for Facebook.
The company gathered the phone numbers of the user. Those users were turning on two-factor authentication.
As of now, it is not sure that the motherboard or the security researchers have contacted Telegram. The contact will let down the bot. In such cases, the company clamps down on the bot as soon as possible.
That’s not to paint too rosy a picture – as the data is still available on the web. As per the sources, this data resurface twice since it was scraped in 2019.
The only hope is that this issue gets resolve as soon as possible.
Image courtesy of Dumbest of All Worlds/YouTube Screenshot