A security breach on Facebook exposed hundreds of millions of phone numbers associated with accounts on the social network. This sensitive data is offered for sale on Telegram by a bot.
Facebook is in a rough spot. While the company has attracted the mistrust of a large number of people on its WhatsApp platform, Mark Zuckerberg's company is now being singled out for a security breach endangering millions of phone numbers.
Cybersecurity expert Alon Gal reports on Twitter that a Facebook vulnerability dating from 2019, and since resolved, was exploited in 2020 by one or more malicious hackers. By his estimate, 533 million accounts were exposed.
In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information of 533m users across all countries.
It was severely under-reported and today the database became much more worrisome 1/2
– Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
Telephone numbers sold on Telegram
The flaw in question allowed a hacker to get hold of the phone numbers associated with Facebook accounts. Since then, this sensitive database has found its way onto the Telegram platform, where it is offered for sale.
Alon Gal shared his concerns with Motherboard.
It is very disturbing to see a database of this size being sold in cybercrime communities; it seriously invades our privacy and will certainly be used for smishing and other fraudulent activities by bad actors.
19.8 million accounts concerned in France
According to his observations, a bot on Telegram is currently selling these phone numbers recovered from the breach. It also shares the number of accounts affected by country. In France, more than 19.8 million accounts are thus compromised.
The security researcher adds that, by his estimate, the bot has been active since mid-January 2021.
By getting their hands on one of these phone numbers, an attacker can track down the associated Facebook ID. It should also be remembered that the social network uses these numbers for two-factor authentication and to send a message if the password is forgotten.