Facebook has been at the center of a privacy controversy over the last few weeks — several people had switched over from WhatsApp to Signal after WhatsApp’s new terms required sharing of data with Facebook — but it appears that the company has yet another privacy scandal on its hands.
A user has set up a Telegram bot that enables people to look up the phone numbers of Facebook users through their Facebook usernames. “The bot helps to find out the cellular phone numbers of Facebook users,” the Telegram bot says upon being launched. The bot lets users enter either a phone number to receive the corresponding user’s Facebook ID, or visa versa. Tech publication Motherboard tested the bot and confirmed it contained the real phone number of a Facebook user.
The service, though, isn’t free. The bot is lets people unlock a piece of information, like a phone number or Facebook ID, for one credit, which the person behind the bot is selling for $20. There’s also bulk pricing available, with 10,000 credits selling for $5,000. The bot says that it has the information of 553 million Facebook users, and also has a detailed county-wise breakup of where the accounts are from.
The breach which has led to the data being publicly available had apparently occurred in 2019, when researchers had found that they were able to collect Facebook users’ phone numbers. After being alerted, Facebook had fixed the vulnerability, but users who’d shared their phone numbers with Facebook pre-2019 were vulnerable. Facebook says that the Telegram bot doesn’t have data for accounts created after 2019, but that isn’t particularly reassuring — most people on Facebook had created their accounts a long time prior to 2019.
The data breach underscores the privacy concerns that were raised when WhatsApp had announced that it was going to share some data with Facebook. Facebook and WhatsApp are home to the two most powerful databases perhaps in existence — WhatsApp has details of your personal chats and your photos, while Facebook knows your friends and interests. If the two databases were to ever combine, they could perhaps contain more information about people than any database in human history. But such a database would also be vulnerable, which perhaps made people pause before accepting WhatsApp’s new terms — as Facebook’s latest data breach shows, data shared with corporations in confidence can end up being available on the web for $20 per pop.