Facebook security flaw lets hackers get personal data using phone numbers
Facebook won't let you have a nickname, and have been sued by thousands over personal privacy, and now, the social network is being lambasted for their lackadaisical approach to security. Why? Well, a software engineer discovered that he was able to harvest a load of personal information about thousands of FB users, with little more than some phone numbers.
With a number of people's names, photos, location settings and phone numbers leaking through the flaw, Facebook clearly need to tighten things up. Whether they actually care or not, is another matter entirely.
So how was this done? Well, the information was mined using the search feature where you can look for people using their phone number. The software engineer wrote an algorithm which generated thousands of numbers, and after processing them through Facebook’s API, they soon had a load of user profiles and personal data.
Of course, the problem here is that there's no limit to the amount of data you can get as you can do unlimited searches for people. This loophole means that cyber villains could get info about millions of Facebook users.
Reza Moaiandin, technical director of Leeds-based company Salt.agency and the person who found this exploit, said: "By using a script, an entire country’s (I tested with the US, the UK and Canada) possible number combinations can be run through these URLs, and if a number is associated with a Facebook account, it can then be associated with a name and further details"
Moaiandin alerted Facebook, and the spokesperson replied with: "We do not consider it a security vulnerability, but we do have controls in place to monitor and mitigate abuse."
So, if you are bothered about this, and trust the tools Facebook has in place, you might want to change your privacy settings.