Cyber SecurityNews

Another Facebook Data Breach surfaces, Telegram Bot found selling data

From a massive data breach (Facebook’s version: ‘scrapping exercise’) which exposed personal data of 533 million users, to a widespread outage, this week has certainly not been kind to Facebook. But right on the weekend, Facebook is once again in news for the wrong reasons. Just as it said that it won’t notify those 533 million users, Motherboard reported that an online tool lets customers pay to unmask the phone numbers of Facebook users that liked a specific Facebook Page. The report also confirms that the database is different from the 533 million account database.

How does it work?

There’s a bot on Telegram. A description for the bot reads “The bot give [sic] out the phone numbers of users who have liked the Facebook page.” To get the information from the bot, customers need to identify the unique identification code of the Facebook page. Once they enter this code into the bot, it gives out the price of the data in USD. Customers can pay and get the data. Motherboard confirmed the operation by downloading data from it’s own Facebook page. It got 1,34,803 results for the cost of $539.

The bot even offers the data for free is a page has under 100 likes. It gives out the results in a simple spreadsheet file which includes the user’s full name, phone number, and gender. However, it does not necessarily give out the data of all users who liked the page. In case of Motherboard, it got 1,34, 803 results while 787k people have liked the page.

Different tests also confirm that the dataset is not from any dataset leaked before and the data was not available in the Have I Been Pwned dataset as well.

How can the database be misused?

The report quoted Alon Gal, who first tweeted about the 533 million dataset, “What threat actors would want to do with it is extract specific niche pages and have them sold as “leads’,” Gal said when Motherboard showed him the new bot. “For instance, extract the ‘Bitcoin UK’ group and convert them to a list of phone numbers read to be sold as leads to companies, quite a lucrative business.”.

Cyber criminals could also use the data to scam people. Having said that, here’s how you can avoid falling for a scam if a hacker comes after you!

Do subscribe to our Telegram channel for more resources and discussions on technology law and news. To receive weekly updates, and a massive monthly roundup, don’t forget to subscribe to our Newsletter.

You can also follow us on InstagramFacebookLinkedIn, and Twitter for frequent updates and news flashes about #technologylaw.

Rohit Ranjan Praveer

Rohit is a practicing advocate at Delhi. Beginning as a tech enthusiast, Rohit always had a keen interest in computer forensics and information security. Building upon these fundamentals, he has undertaken extensive research on various techno-legal topics and continues his pursuit pass on valuable information to the masses, with a zeal to build something that outlasts him.​

Share your thoughts!

This site uses Akismet to reduce spam. Learn how your comment data is processed.