Facebook is one of the most important social networks in the world, with users numbering in the billions, so it stores a large amount of private information that must be maintained with strict security measures. However, these measures sometimes fail, causing security holes that are exploited by hackers to access our data.
On this occasion, it was through a Telegram bot, the method used illegally to sell stolen data on Facebook from more than 500 million users in exchange for a payment of 20 dollars.
500 million users with their data exposed in a Telegram bot
As revealed by the Motherboard portal, the bot has been created by a user of a cybercriminal forum and is in charge of selling a database of phone numbers belonging to Facebook users. Although the data is several years old, it remains a cybersecurity and privacy risk for those users whose numbers have been exposed and that could affect more than 500 million users. This fact could be related to the security breach that was fixed in August 2019.
Although the security breach was closed, this issue can be significant for people who have linked their phone number to their Facebook account before August 2019. It has also captured numbers of people who used their number for two-factor authentication. This means that the numbers of the users who were most concerned about their safety are included. By that date, Facebook already had more than 2 billion registered users around the world, whose data could be put at risk.
As advertised in the Telegram bot, it is in charge of finding out the phone numbers of Facebook users. To do this, they must enter a phone number to receive the Facebook ID of the corresponding user or vice versa. To do this, users must make a payment that starts at $ 20 and can be extended up to $ 5,000. This bot claims to have information about Facebook users from Canada, the United States, Australia, the United Kingdom, and 15 other countries.
Affected users who gave their phone number until 2019
If we gave our phone number to Facebook before 2019, we may be affected by this data hack. In the event that we change our number after August 2019, this database leak will not affect us. To protect ourselves for the future, we can delete our phone or delete our Facebook account. At the moment, the bot is still active and it seems that neither Facebook nor the authorities have launched any kind of investigation.
