A Telegram Bot Is Giving Away the Phone Numbers of 500 Million Facebook Users
Last updated September 18, 2021
Bob Diachenko has discovered yet another unprotected database online, containing more than 267 million Facebook user names, user IDs, and phone numbers. The non-password-protected Elasticsearch cluster was located on December 14, but it was first indexed by search engines on December 4, 2019. The researcher notified the ISP that managed the IP address of the leaking server, and the database was taken down on December 19. However, this time we can say with certainty that malicious actors accessed it, as the data was posted on a darknet forum on December 12.
Possibly, the uploader of the database was a malicious actor who got the data from the dark web forum in the first place. The question of how did the cyber-crooks manage to get their hands onto this data is answered by the researcher with “unauthorized API access”. More specifically, Diachenko believes that the Facebook API is suffering from an undiscovered (by Facebook’s engineers) hole which hackers know about and actively exploit. Another possibility is that the malicious actors performed large-scale public data scraping, collecting publicly available information by using automated bots.
With the “what” and the “how” answered, the next question that comes into mind is the “why”. Knowing a person’s full name, Facebook profile, and phone number open up a whole host of abusive possibilities for hackers with malicious intent. Phishing campaigns are a common example of how to deploy this type of data. Another way to take advantage of the available info is to launch large-scale SMS spamming campaigns. Remember, people are likely to click on a URL that they have received via SMS, so downloading a malware payload such as a banking Trojan, or visiting a well-crafted phishing page are the most prevalent dangers faced by the exposed individuals right now.
Most of the 267 million Facebook user profiles that were exposed in this incident belong to people who are based in the United States. That said, if you belong to this demographic, be very careful with any unsolicited SMS messages that you may receive from now on. To prevent this scraping from happening again in the future, open your Facebook settings, go to “Privacy” and set all fields to “only me”. Moreover, disable the linking of your profile from search engines outside Facebook. Ideally, delete your Facebook account or deactivate it.
Leave your comments down below, or join the discussion on our social media channels on Facebook and Twitter.