A database of phone numbers of around 500 million Facebook users is up for sale on Telegram, even allowing customers to look up these numbers through a bot, Motherboard reported. The database reportedly contains phone numbers of even users who have kept their number private on Facebook. The database contains phone numbers of users from US, Canada, the UK, Australia, and dozens of other countries, the report said.
The report did, however, say that the data is several years old, and relates to a vulnerability the company claims to have fixed in August 2019.
After launching the bot, it reportedly says that it will “find out the cellular phone numbers of Facebook users”— from there, users can input a person’s Facebook ID to retrieve their phone number, or vice versa. Initial search results are reportedly redacted, but full contact details can be revealed after buying credits. One credit costs $20, per Motherboard, and users can purchase up to 10,000 credits for $5,000.
Sale of users’ sensitive information which they share with internet platforms has become far too common. Earlier this month, sensitive card data belonging millions of Indians was compromised and leaked on the dark web due to a security comprise at a server used by Juspay, a major payment gateway provider in the country.
Before that, in November 2020, data of over 2 crore BigBasket users, including their names, email IDs, password hashes, pin, and contact numbers, among others, was leaked and sold on the dark web. In August 2020, a breach at ticketing and travel website RailYatri exposed details of over 700,000 users. The leaked details included sensitive details such as travel itineraries, and financial data such as credit and debit card information and UPI IDs.