Interested parties can purchase “credits” to find the archive, which starts at $ 20, But they can reach $ 5,000 For 10,000 questions. The chatbot claims to have information about Facebook users from the United States, Canada, United Kingdom, Australia and fifteen other countries. More than 8 million Brazilian accounts would have been affected.
The database is not new, and according to Facebook it is related to the company’s vulnerability Corrected in august 2019. A large number of information concerns phone numbers: shoppers can enter a number to obtain the corresponding user ID on the social network or vice versa.
Alon Gall, co-founder and CTO of cyber security company Hudson Rock, says, “It is very worrying to see databases of this size being sold in cybercrime communities. It severely damages our privacy and certainly It will be used for defamation and other fraudulent activities. ” – Who posted on Twitter about the case.
Website Motherboard Tested the bot and confirmed that it contained the actual phone number of the Facebook user. When consulted, the company stated that the data platform ID that was created before the vulnerability was fixed. Facebook said it tested the bot against recent data and did not return any results.
Even with outdated information, privacy violations can be dangerous, as Facebook had encouraged – and sometimes demanded – users to register a phone number for several years before 2019. The bank also has contacts that people have provided to the platform for two-factor authentication.
“It is important that Facebook inform its users of this breech so that they are less likely to fall prey to individual attempts by hackers and social engineering,” Gall says.