Facebook users, watch out: according to Vice News, someone has created a database of your cell phone numbers and is selling access to it through an automated Telegram messaging bot.

The silver lining is that the data is old. Phone numbers and associated Facebook account data were legally "scraped" before April 2018, when Facebook made the scraping process more difficult in the wake of the Cambridge Analytica scandal, i.e., publicly available Facebook pages that were downloaded in large quantities from a publicly available Facebook page.

Until that month, Facebook could be used like a reverse phone book. Entering a valid cell phone number, even a random one, would often bring up related Facebook accounts, including the name and location of the user of that cell phone number.

The database to which this enterprising Telegram account is currently selling access appears to be a vast collection of phone numbers and associated Facebook accounts. One can look up a Facebook account using a phone number or look up a phone number using a Facebook user name.

According to one source cited by Vice News, there may be as many as 500 million numbers in the database, but this number may be exaggerated. Given that cell phone numbers are not publicly available in many countries, this white page of cell phone numbers may be worth a fortune to telemarketers, scammers, snoopers, stalkers, and bitcoin thieves.

If so, the sellers of this data are incentivizing customers to buy in bulk. If one looks up a number and finds that a Facebook account is associated with it, or vice versa, one must pay one "credit" for all the information.

One credit is sold for US$20, but there is a steep discount to purchase blocks of credits in advance, up to 10,000 credits for US$5,000, or 50 cents per credit.

Vice News ran some tests and found that the database "contains the real phone numbers of Facebook users who are trying to keep this number private."

So what can be done about this? Unfortunately, not much.

If you have a real enemy or stalker who might use this lookup service to track you down and harm you, you can change your cell phone number if you haven't changed it in the past couple of years.

The same is also true if you own a large amount of bitcoins and are at serious risk of having all of your phone numbers and digital currency completely stolen due to number porting fraud and the resulting failure of two-factor authentication (2FA).

For most people, however, it would not be worth changing their cell phone numbers. Data has been publicly available for years; it has likely been exposed in several Facebook data dumps in the past, including September 2019, December 2019, and most recently April 2020.

Facebook requires everyone who installs Facebook on a smartphone to enter their cell phone number. It also urges those who do not use the mobile app to sign up for 2FA.

In the privacy settings of one's Facebook account, one should make sure that one's phone number is set to "Friends" or "Only Me." (You also need to set your birthday to "Only Me" in Settings > Facebook Info > Access My Info > Profile Info > About > Contacts and Basic Info.)

To take even more drastic measures, follow the steps here to Facebook to remove your phone number completely from Facebook. It is too late to prevent your phone number from becoming part of an existing collection of phone numbers linked to Facebook, but at least you can prevent it from happening again.