The phone numbers (and corresponding site IDs) of some 500 million Facebook users now appear to be for sale on a dark web cybercrime forum.
The criminal or group of criminals responsible have constructed a Telegram bot to act as a search function for the data. Potential buyers can now use the bot to sift through the data to find phone numbers that correspond to user IDs—or vice versa—with the full information being unlocked after paying for query “credits.” Those credits start at $20 for a single search and get cheaper if bought in bulk.
An insecure Facebook server containing account information on millions of users appears to be the source of the data for sale here—though that vulnerability was discovered by researchers in 2019 and Facebook has since fixed it. Gal has claimed that the vulnerability was exploited to create “a database containing the information 533m users across all countries.” (For reasons unknown, the bot itself only claims to sell information for users in 19 countries.)
“It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing and other fraudulent activities by bad actors,” Gal told Motherboard. “It is important that Facebook notify its users of this breach so they are less likely to fall victim to different hacking and social engineering attempts,” he added. We’ve reached out to Facebook for comment and will update if we hear back.
Telegram bots, which were built to be customizable, have increasingly been involved in cyber scams, albeit in slightly different ways than this scenario. Just recently, a report from researchers found that bots were being leveraged in a scam-as-a-service scheme, wherein criminals were able to automate communications with potential phishing victims. Similarly, a Buzzfeed report from several years ago showed that the bots were being used by Bitcoin scammers to lure victims into shady online pump and dump schemes.