The past two months have been tough for Facebook, as the company has sparked several controversies concerning user privacy and security. Throughout the incidents, the company has maintained that it respects users’ privacy and offers maximum protection to sensitive information.
Person selling access to the Bot claims it has data on 500 million Facebook users
Proving all this wrong, one Telegram Bot has been caught selling mobile numbers of approximately 500 million Facebook users. The issue was first spotted by Alon Gal, an independent security researcher, who shared the news via his Twitter handle. As per his account, the data being sold by the bot was leaked due to a vulnerability that Facebook patched in 2020.
According to a report, the Telegram bot in question gives information about a single Facebook account in exchange for money. In this case, the bot charges $20 for an individual’s Facebook ID.
There are also options to purchase the data in bulk, and the bot will charge around $5000 for 10,000 credits. The report confirms that the bot indeed has access to the sensitive information of millions of Facebook users.
There will be no scarcity for buyers, either because they can use the sensitive data to create more scams and involve in identity theft of the Facebook users. Compared to the amount of money a threat actor could make using this data, the amount charged by the bot is minuscule.
According to the researcher, the vulnerability responsible for this data leak happened in early 2020. Though Facebook patched the issue, the company took more time to do this, a period that was long enough for attackers to exploit. As a result, the phone number details available from the Telegram bot were updated in 2019.
That won’t be a concern for attackers, considering that people don’t change their phone numbers very often. It is worth noting that Facebook has not yet responded to these claims so far. The company had kept a vow of silence when this early-2020 vulnerability was reported last year.
While the story regarding this leak is developing, it is sure that a data leak compromising the information of 500 million users would be a headache for Facebook, regardless of whether it is ready to acknowledge a bug or attack.