A cybercriminal created a bot that sold access to millions of Facebook users’ cellphone numbers through the Telegram messaging app, a new report says.
The bot pulled the info from a massive database of phone numbers taken from Facebook before the social network patched a security hole in 2019, according to Motherboard.
A Telegram support representative told The Post that the bot had been blocked by Tuesday morning. But it’s unclear when exactly it was disabled and how long it was active on the platform.
Anyone who pulled up the bot’s Telegram profile could enter the Facebook ID of the person they’re looking for and the bot would fetch the corresponding phone number, the outlet reported Monday. It reportedly worked the other way, too — enter a phone number and the bot would retrieve the Facebook ID that matched it.
But there was a catch — the bot initially hid most of the phone number and forced users to pay to see the whole thing, according to the report. Prices reportedly run from $20 for a single “credit” to $5,000 for 10,000 credits.
The unidentified person who created the bot claimed it could access phone numbers for 533 million Facebook users in dozens of countries, according to Alon Gal of the cybersecurity firm Hudson Rock, who spotted it about two weeks ago.
“It is important that Facebook notify its users of this breach so they are less likely to fall victim to different hacking and social engineering attempts,” Gal told Motherboard.
Facebook said the data stems from a previous security problem that allowed cyberattackers to match phone numbers to user profiles using a sophisticated software code.
“This is old data,” a Facebook spokesperson told The Post in an email. “We found and fixed this issue in August 2019.”
The Telegram bot didn’t return any matches when Facebook tried to check it against newer user data, the tech giant added.
But that doesn’t help people who linked their phone numbers to their Facebook accounts before the issue was fixed, Motherboard noted. The social network already had more than 1.6 billion daily active users in September 2019.