A mobile developer has discovered what he claims is a security vulnerability in the Facebook Graph Search that allowed him to automate the compilation of a list of some 2.5 million phone numbers – some of which are tied to Facebook accounts and, therefore, user identities – to prove a point to the company.
When Brandon Copley first discovered this flaw this last March, he tipped off Facebook to its existence so that they could patch it.
“I used this to catch a criminal–someone was selling stolen goods on Craigslist, and I had their number, and used this to find who that person was on Facebook and from there reported them to the police,” he explained to the security team. Unfortunately, the company responded by saying that it considers it a normal feature and that it’s up to the users to safeguard their privacy with the tools made available to them by the social network.
SOURCE: net-security.org
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.