Facebook security flaw lets hackers get personal data using phone numbers

10 August 2015

Facebook won't let you have a nickname and have been sued by thousands over personal privacy, and now the social network is being lambasted for their lackadaisical approach to security. Why? Well, a software engineer discovered that he was able to harvest a load of personal information about thousands of FB users with little more than some phone numbers.

With a number of people's names, photos, location settings and phone numbers leaking through the flaw, Facebook clearly need to tighten things up. Whether they actually care or not is another matter entirely.

So how was this done? Well, the information was mined using the search feature where you can look for people using their phone number. The software engineer wrote an algorithm which generated thousands of numbers, and after processing them through Facebook’s API, they soon had a load of user profiles and personal data.

Of course, the problem here is that there's no limit to the amount of data you can get as you can do unlimited searches for people. This loophole means that cyber villains could get info about millions of Facebook users.
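One way a lookup endpoint could bound this kind of enumeration, as an added example (not Facebook's code and not from the original article): a per-client sliding-window guard that caps the distinct numbers searched and flags a high share of searches that match no account. The thresholds, client names and log records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 3600        # sliding window length in seconds (assumed)
MAX_DISTINCT = 20      # distinct numbers one client may search per window (assumed)
MAX_MISS_RATIO = 0.7   # share of searches matching no account that flags guessing (assumed)
MIN_SAMPLES = 10       # do not judge the miss ratio on fewer searches than this


class LookupGuard:
    """Tracks phone-number searches per client and flags enumeration."""

    def __init__(self):
        self.events = defaultdict(deque)   # client -> deque of (ts, number, hit)

    def observe(self, client, number, ts, hit):
        """Record one search; return the verdict for this client's next request."""
        q = self.events[client]
        while q and ts - q[0][0] >= WINDOW_S:   # expire events outside the window
            q.popleft()
        q.append((ts, number, hit))
        distinct = len({n for _, n, _ in q})
        misses = sum(1 for _, _, h in q if not h)
        if distinct > MAX_DISTINCT:
            return "block:volume"
        if len(q) >= MIN_SAMPLES and misses / len(q) >= MAX_MISS_RATIO:
            return "block:miss_ratio"
        return "allow"


def first_block(log):
    """Replay (client, number, ts, hit) records; map each client to its first block verdict."""
    guard, result = LookupGuard(), {}
    for client, number, ts, hit in log:
        verdict = guard.observe(client, number, ts, hit)
        if result.get(client, "allow") == "allow":
            result[client] = verdict
    return result


# Constructed sample log: "addressbook" searches three contacts; "walker" steps
# through consecutive numbers in the fictional 555-01xx range, one per second.
SAMPLE_LOG = [("addressbook", f"+1202555019{i}", i * 600, True) for i in range(3)]
SAMPLE_LOG += [("walker", f"+1202555{100 + i:04d}", i, i % 5 == 0) for i in range(40)]

if __name__ == "__main__":
    print(first_block(SAMPLE_LOG))
```

The miss-ratio check catches a guessing client before it reaches the volume cap, because generated numbers mostly match no account while address-book searches mostly do.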

Reza Moaiandin, technical director of Leeds-based company Salt.agency and the person who found this exploit, said: "By using a script, an entire country’s (I tested with the US, the UK and Canada) possible number combinations can be run through these URLs, and if a number is associated with a Facebook account, it can then be associated with a name and further details."

Moaiandin alerted Facebook, and the spokesperson replied with: "We do not consider it a security vulnerability, but we do have controls in place to monitor and mitigate abuse."

So, if you are bothered about this, and trust the tools Facebook has in place, you might want to change your privacy settings.



  • Jack S.
    Or not put your phone number on Facebook like an incalculable buffoon.
  • bill
    They've had the 'let people look you up using your phone number' option for ages. The wiser of users likely disabled it a while ago but then again Facebook have a habit of changing/resetting/renaming/replacing the settings on a regular basis under the illusion that they are 'making Facebook safer'... so best to double check your privacy settings for this option.
