A mobile developer has discovered what he claims is a security vulnerability in the Facebook Graph Search that allowed him to automate the compilation of a list of some 2.5 million phone numbers – some of which are tied to Facebook accounts and, therefore, user identities – to prove a point to the company.
When Brandon Copley first discovered this flaw this last March, he tipped off Facebook to its existence so that they could patch it.
“I used this to catch a criminal–someone was selling stolen goods on Craigslist, and I had their number, and used this to find who that person was on Facebook and from there reported them to the police,” he explained to the security team. Unfortunately, the company responded by saying that it considers it a normal feature and that it’s up to the users to safeguard their privacy with the tools made available to them by the social network.
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
A worrying trend for Australians The Latitude Financial attack clearly…
It is not unusual for companies to keep hold of…
“First of all, it should be praised that Ferrari have…
These findings aren’t very surprising given that unpatched zero-days provide…
These figures from Mandiant highlight how attackers are continuing to…