According to a recent report from Motherboard, security researcher Alon Gal discovered that someone had obtained a database of phone numbers from Facebook users and sold them via the Telegram bot. Gal claims the person has access to a database of 533 million users, stemming from a vulnerability in Facebook that was revealed and patched in 2019.
Databases are usually encrypted. In order to obtain useful information, there must be an interaction between the person with the database and the person trying to get information from the database. Creating a Telegram bot and using it to extract data solves this problem. The person who owns the database knows that.
Bots can do two things:
He can find the person’s phone number based on their Facebook ID.
He can find the person’s ID number on Facebook with his phone number.
The motherboard report provides more details on the fact that access to information such as a phone number or Facebook ID requires credit. The guy behind the bot sells the information for $ 20. However, there are also bulk pricing options like 10,000 credits selling for $ 5,000.
The bot comes into effect on January 12, 2021, but the information provided is two years old. However, this is a shame for Facebook because the numbers collected are for two-factor authentication.
Gal contacted Telegram to download the bot. However, no response has yet been received from other parties.