Millions of Italian Facebook phone numbers for sale on Telegram

More than 500 million Facebook account phone numbers are for sale on Telegram. Of these, about 35 million are Italian. As reported by Motherboard, a hacker sold access to the database of numbers through a Telegram bot. Italy is the second most affected country after Egypt: more than 35 million Italian accounts have their phone numbers exposed. The cost to verify an account number is $20.

Phone numbers for sale: the Telegram bot

A database full of phone numbers of Facebook accounts for sale on Telegram: this is the news of the last few hours, which is shaking the whole world. Millions of accounts were hacked and just as many phone numbers linked to the social network were disclosed. The discovery was made by the researcher Alon Gal, who claims that the attacker obtained the data thanks to a known Facebook vulnerability dating back to 2019.

There was no direct attack this time: a user, whose identity is still unknown, has created a Telegram bot through which he sells, for only 20 dollars, user data that was already on the internet because of the old data leak. That is a negligible amount when you think about how much you can get with a phone number. The bot draws from a database containing data from the leak two years ago. It allows searches in two directions: looking up the phone number starting from the ID of an account, or finding the user starting from the phone number. Alon Gal tested the bot and confirmed that the contacts are genuine.

The Telegram bot allows access to the phone number given the Facebook account ID. Credits: Alon Gal

What is the impact?

Facebook has been warned of the problem, and the company has stated that the contacts obtainable with the bot all date back to before the 2019 fix, so all data updated after August of that year are not in danger. The company itself ran tests confirming that the bot did not return results for the most recent data. However, this does not diminish the damage of the attack. Although the data is more than a year old, a phone number is information that is not changed often, so in most cases it is still valid. Furthermore, few users were notified of the violation at the time, so the rest were unable to take useful action.

The Telegram bot claims to have the data of more than 500 million users from 15 different countries. Among these is Italy, which has almost 36 million accounts in danger. The serious thing is that the users in danger are not only those who shared their number publicly, but also anyone who registered their number on Facebook for 2FA or to receive notifications.

The list of phone numbers associated with Facebook accounts. Credits: Alon Gal

The Facebook vulnerability

In 2019, Facebook confirmed the existence of a vulnerability that allowed attackers to access the phone numbers of Facebook and Instagram accounts. The database used by the Telegram bot was in fact created before the vulnerability was resolved; this means that the phone numbers have been online for nearly two years.

The problem identified by Facebook concerned a server without password protection where all the phone numbers resided. The stolen records consisted of the account's unique ID and phone number. From these two pieces of information it was very easy for an attacker to find out the name of the registered user. In addition, some of these records also contained the user's name, gender and country. Facebook fixed the vulnerability shortly after the report, and the server hosting the data was shut down. However, this did not prevent various attackers from acquiring the data, including the one behind the Telegram bot.

Facebook account records ended up online with phone numbers. Credits: TechCrunch

The main risk of this "incident" relates to spam calls and "SIM swapping" attacks. In a SIM swapping attack, the attacker transfers the victim's identity to another SIM and uses the number for various purposes. Among these is the possibility of exploiting 2FA to access online services and, consequently, sensitive data of various kinds.

Telegram will close the bot, but the database will still remain online. It won't take long for other users to create new bots, or simply to share the same information on other channels. The bot has been active since January 12: we are talking about two weeks, during which anyone could access the phone numbers of the accounts at a very low price. We must therefore expect the problem to resurface in the future.

The article "Millions of Italian Facebook Phone Numbers for Sale on Telegram" comes from Tech CuE.