Facebook has missed 500 million user phone numbers
Company Facebook has experienced several scandals in recent years related to the security of its services. The most famous was the Cambridge Analytica case, which cost the American giant $ 5 billion. The portal informs about the latest case of Facebook security failure TheVerge.
More than half a billion users’ phone numbers have been leaked
Cybersecurity specialist Alon Gal pointed to the shoe, which offered more than half a billion Facebook users to sell phone numbers. A bot created on the Telegram chat platform, where he sold information for a price starting at $ 20 for one phone number. He stated that he had information on users from the USA, Canada, Great Britain, Australia and 15 other countries. Fortunately, however, neither Slovakia nor the Czech Republic should be among them.
Bot has been selling numbers like this since January 12. The issue was to affect all users who were registered before 2019 and had an account paired with a phone number. Portal editors Motherboard bota even tested and confirmed that it has real phone numbers of Facebook users. At this time, the shoe should no longer be available. However, in the future, of course, sensitive data of corrupted users may appear on another service.
How was the telephone numbers sold?
According to the portal, practically anyone who obtained the relevant URL could communicate with the bot. The price of telephone numbers was based on credits, with one credit corresponding to one telephone number. Those interested could also take advantage of volume discounts, where, for example, up to 10,000 credits cost $ 5,000. Bot knew how to sell phone numbers in two ways.
The first method was through the identifier of the Facebook user, when in return he sent the requested telephone contact back to the buyer. The second method was with the help of a telephone number, where the shoe provided the identification number of the injured party. It is not known how many people took advantage of this offer. Nor does the portal write about how the attackers got to the phone numbers or whether the numbers of the attacked accounts were secured with two-phase security.