Facebook has been caught in yet another privacy and user data breach incident as phone numbers of nearly 6 Lakh Indian users are being sold on Telegram through a bot. The Indian user data is part of a database of 500 Mn Facebook users and their phone numbers which are being sold on the messaging app.
The Telegram leak is related to a previous security incident, which Facebook had admitted to in late 2019 and later fixed. According to a Motherboard report, the bot is exploited the Facebook vulnerability to access every Facebook account across all countries. The Telegram bot is selling a phone number or Facebook ID for $20 or INR 1,500, while batches of 10,000 numbers are being sold at $5,000 each.
A user’s phone number, if it continues to be linked to the Facebook account, can be used to find their Facebook user ID, which can not only lead to fraudulent activities on the platform, but other email and phone number related phishing and hacking attacks.
The vulnerability was reported in late 2019 and enabled anyone to see the phone number linked to over 400 Mn Facebook users. At the time, the social media giant claimed the data was scraped from Facebook, before the policy changes on the platform cut off developer access to phone numbers. The company also claimed the server contained about 220 Mn records. It remains to be seen whether the latest incident has any bearing on Facebook’s various court cases and privacy-related issues around the world.
In India, the Central Bureau of Investigation (CBI) registered a case against UK-based political consulting firm Cambridge Analytica and Global Science Research LTD (GSRL) last week in relation to the major Facebook data harvesting controversy which surfaced in 2017 and 2018. The company is being probed for “illegally harvesting the personal data Facebook users in India.” About 5.62 Lakh Indian users were allegedly affected by this data harvesting.