Access to a database reportedly containing 500 million users’ private information is being sold on a cybercrime forum. Motherboard reports that the database, which hosts data pulled from Facebook more than two years ago, contains people’s phone numbers.
It added that would-be stalkers can then use an automated bot for (messaging app) Telegram which enables hackers to look up those numbers to tie them to an identity. Access is being sold on a per-search basis, with a single lookup costing $20, although you can bulk buy up to 10,000 search credits at a time.
The report says that it tested the bot for itself and found it could identify the number of a user who opted to keep their phone number private. Facebook is said to have confirmed that the data breach is real, and that it concerns a security issue that was resolved in August 2019.
It added that it has tested the system and found that current Facebook IDs are not found in the leak. This does, however, mean that if your phone number was tied to Facebook’s database before August 2019, your details may be up for sale.
Users should be on the lookout for a spike in spam calls, and make their accounts have as little data in them as possible.