According to a report by Motherboard, an automated telegram bot is selling data full of Facebook users’ phone numbers. The security researcher who found this vulnerability, Alon Gal, says that the person who runs the bot claims to have 533 million users, which came from a Facebook vulnerability that was patched in 2019.
Upon launch, the Telegram bot says, “The bot helps to find out the cellular phone numbers of Facebook users,” according to Motherboard‘s tests.
The bot lets users enter either a phone number to receive their Facebook ID or visa versa. The bot’s initial results are redacted, but users can buy credits to reveal the full phone number. One credit is $20, with prices stretching up to $5,000 for 10,000 credits. The bot claims to contain information on Facebook users from the US, Canada, the UK, Australia, and 15 other countries.
Motherboard tested the bot and confirmed it contained a Facebook user’s real phone number who tries to keep this number private.
According to screenshots posted by Gal, the bot has been running since at least 12 January 2021, but the data it provides access to is from 2019.