Millions of leaked Facebook phone numbers are exposed in a Telegram bot.

A large security breach fixed by Facebook in 2019 continues to offer a high risk to users of the social network: phone numbers for 533 million accounts were leaked thanks to a massive attack. And now access to this list is even easier: anyone can find out the phone number of a Facebook user affected by the leak just by using a Telegram bot.

Facebook has had serious security concerns for a few years, especially after scandals such as Cambridge Analytica. The leaks of user data have been notorious thanks to unauthorized access to Facebook; like Cambridge Analytica itself or a lesser known one, the leak of 533 million phone numbers. That database, dumped directly from Facebook due to an already patched vulnerability, has been posing a risk since 2019. Especially when a Telegram bot is enough to discover the phone number of a Facebook user.

Give the bot a Facebook ID and it returns its phone number

Millions of leaked Facebook phone numbers are exposed in a Telegram bot

The vulnerability of Facebook that allowed obtaining the phone number associated with any user was corrected in 2019. This implies that the database that has been circulating since then has a certain age; without this meaning that the data is out of date because it is usual not changing phone number frequently. And that anyone can obtain such private data by asking a simple bot is a great attack against privacy.

As they discovered on Motherboard, after a report by Alon Gal, the aforementioned Telegram bot works as expected. The user behind said bot is unknown no matter how much he offers the information upon payment. Because it is not enough to ask the Telegram bot, first you have to make a payment for the service: $ 20 for a unit consultation (one credit); $ 5,000 for massive access (10,000 credits).

Millions of leaked Facebook phone numbers are exposed in a Telegram bot

In Motherboard they verified that the phone numbers associated with the Facebook ID are correct. This puts 533 million users around the world at risk; with 10,894,206 accounts affected in Spain.

If you have a Facebook account to which you have added the phone number, we recommend that you activate two-step verification. In the event that you change your number after August 2019 you are not affected by the database filtration; even though it is advisable to add a second step to the beginning of Facebook. You can also delete the account from the platform.

Millions of leaked Facebook phone numbers are exposed in a Telegram bot