Digital Sovereignty & Cyber Security

A user of a low-level cybercriminal forum is selling access to a database of phone numbers belonging to Facebook users, and conveniently letting customers look up those numbers by using an automated Telegram bot.

Although the data is several years old, it still presents a cybersecurity and privacy risk to those whose phone numbers may be exposed—one person advertising the service says it contains data on 500 million users. Facebook told Motherboard the data relates to a vulnerability the company fixed in August 2019.

"It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing and other fraudulent activities by bad actors," Alon Gal, co-founder and CTO of cybersecurity firm Hudson Rock, and who first alerted Motherboard about the bot, said.

Upon launch, the Telegram bot says "The bot helps to find out the cellular phone numbers of Facebook users," according to Motherboard's tests. The bot lets users enter either a phone number to receive the corresponding user's Facebook ID, or visa versa. The initial results from the bot are redacted, but users can buy credits to reveal the full phone number. One credit is $20, with prices stretching up to $5,000 for 10,000 credits. The bot claims to contain information on Facebook users from the U.S., Canada, the U.K., Australia, and 15 other countries.

Hackers behind a massive breach at hotel group Marriott International Inc (MAR.O) left clues suggesting they were working for a Chinese government intelligence gathering operation, according to sources familiar with the matter.

Marriott said last week that a hack that began four years ago had exposed the records of up to 500 million customers in its Starwood hotels reservation system.

Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources who were not authorized to discuss the company’s private probe into the attack.

That suggests that Chinese hackers may have been behind a campaign designed to collect information for use in Beijing’s espionage efforts and not for financial gain, two of the sources said.

While China has emerged as the lead suspect in the case, the sources cautioned it was possible somebody else was behind the hack because other parties had access to the same hacking tools, some of which have previously been posted online.

Identifying the culprit is further complicated by the fact that investigators suspect multiple hacking groups may have simultaneously been inside Starwood’s computer networks since 2014, said one of the sources.