A database of phone numbers belonging to Facebook users is being sold on a cybercriminal forum, with customers looking up numbers using a Telegram bot. One person advertising the phone numbers says it contains data on nearly 500 million users, although the information is several years old. In 2019, a security researcher found 419 million records on an unsecured server, meaning no password was needed to access them. A total of 18 million were from users in the UK, while around 133 million were from American accounts. 

Subscribe
Notify of
guest
3 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
January 27, 2021 1:54 pm

<p>We often hear of breaches and incidents where some information is stolen, but often the focus is on financial information. However, phone numbers are an increasingly important part of users\’ identities, not just as a way to link people to numbers, but also they create a new avenue of attack with SMS phishing (Smishing) attacks.</p> <p> </p> <p>It\’s also worth remembering that SMS is used by many online services to send an authentication code to log onto accounts. If the number for an individual is known, it can open them up to attacks including SIM Swapping whereby the number can be taken over and messages intercepted.</p>

Last edited 1 year ago by Javvad Malik
Chris Hauk
Chris Hauk , Consumer Privacy Champion
InfoSec Expert
January 27, 2021 2:26 pm

<p>Facebook users will want to be particularly aware of scam calls and texts that will surely be a result of this data being distributed to the bad actors of the world. </p> <p> </p> <p>As is normal for the so-called \"social network,\" Facebook is being characteristically unsocial in sharing information about this situation. As usual, the firm has not officially warned its users of the breach, putting those users in peril of being scammed.</p> <p> </p> <p>Hopefully, the Telegram bot that is being used to sell and distribute the phone numbers will be quickly taken down. Unfortunately, that won\’t undo the damage that has already been done by the distribution of this unsecured Facebook user information.</p>

Last edited 1 year ago by Chris Hauk
Paul Bischoff
Paul Bischoff , Privacy Advocate
InfoSec Expert
January 27, 2021 3:45 pm

<p>Although it\’s not ideal for a cybercriminal to have your phone number, you can take a few simple precautions to prevent it from being used against you. The phone numbers will most likely be used for scams and phishing. So long as you don\’t click on links or attachments sent from strangers, and don\’t respond to unsolicited requests for information, then you should be fine. Phone numbers are not particularly private pieces of information, so even though you might get a few more scam messages and calls, it\’s not necessary to change your number. That being said, given the huge volume of phone numbers being sold, a few people are bound to fall victim.</p> <p> </p> <p>Facebook users should also adjust their settings so their phone numbers can\’t be used to find their profiles. You can do this by going to Facebook settings &gt; Privacy &gt; How People Find and Contact You. Set \"Who can look you up using the phone number you provided?\" to \"Only me\".</p>

Last edited 1 year ago by Paul Bischoff
Information Security Buzz
3
0
Would love your thoughts, please comment.x
()
x