553 Million Facebook Phone Numbers Leaked onto the Internet

In Telegram, a bot gave users access to a database of Facebook user IDs and linked phone numbers for a price.

Telegram user base leaked to the net. Stop using this messenger!

Unknown attackers have gained access to a database with the phone numbers of Facebook users and are now selling them through a bot in the Telegram messenger. The personal information of 553 million people is reported to be in the hands of these criminals.

Facebook fails to protect its users’ data.

More details

The cybercriminals use a Telegram bot called @osintshopbot (currently blocked), which was built on a Facebook database that includes more than 550 million records. It consists of phone numbers, IDs, and other private data. The data was obtained in 2019 through a vulnerability in the social network that has since been closed.

What’s happening with Facebook

Initially, the criminals created a topic with an offer to sell phone numbers from Facebook on one of the darknet forums. Later, to simplify interactions with customers, they created an automatic bot in Telegram. 


This bot has two functions. If the buyer has the ID of the Facebook user they are interested in, they can find that user's phone number. If they have a phone number, they can use it to find the person’s Facebook account. A single phone number or ID costs the client $20. There are also “wholesale” prices: for example, 10,000 records for $5,000.

Previously, we’ve talked about data from 15 million users that leaked to the network without a trace.

The leaked database is divided by country and sold by many sellers (prices range from $8 to $20,000). Data for some countries is freely available: Russia (9,996,405 records), Germany (6,054,422), Bangladesh (3,816,348), Libya (3,364,570), Kazakhstan (3,214,290) and several others. The attackers therefore hold personal data of users from dozens of countries worldwide, including the United States, Great Britain, Canada, Australia, Russia, and more.

Facebook users’ base

The bot was discovered by Alon Gal, co-founder and CTO of the information security company Hudson Rock. 

This bot has been used since January 2021. Even though it sells data from a database that dates back to 2019, the threat to privacy is quite real since many people do not change their personal information for years or even decades.


What is known at the moment?

Interestingly, the Facebook database has been available since September 2019. At that time, it was reported that about 419 million records with personal data were compromised.

Telegram's administration has since blocked the malicious chatbot.

According to media reports, the phone numbers in the database could be used to send spam messages to users of the social network. After the incident became known to the media, the management of the app claimed that these numbers were collected through the previously disabled feature for searching profiles by phone number. This feature was abandoned in mid-spring 2018 after the massive Cambridge Analytica data leak scandal.

Protect your data on the internet and use encrypted and anonymous messengers.

