Facebook's privacy settings allow for harvesting data through mobile numbers

  • 10 August 2015

By Mark Wilson
 
If you've added your mobile number to your Facebook account, you might want to reconsider in light of a new security exploit. A software engineer was able to access user data just by entering their mobile number. Profile pictures, names and locations were all accessible even for users who had not made their number public.
There is potential for such harvested data to be misused by malicious parties, as it provides an easy way to link a mobile number to an individual. Reza Moaiandin was able to use a special tool to quickly generate tens of thousands of numbers which, when passed through a Facebook API, fed back the associated user profiles.
 As reported by the Guardian, this method of gathering data -- even if it is publicly available -- is open to abuse. Security experts have complained that Facebook had not made it hard enough for people to harvest data in this way. It is something that Facebook users can take steps to protect themselves against, but as things stand Moaiandin says it is like "walking into a bank, asking for a few thousand customers' personal information based on their account number, and the bank telling you: 'Here are their customer details'".
 

2 replies

by Lisa Vaas on August 11, 2015
 
A developer says he has found a way to decrypt and harvest Facebook user IDs and other personal data by using one of Facebook's APIs.
 
Reza Moaiandin said in a recent blog post that the "loophole" allows attackers to gather personally identifiable information from millions of users, including their names, telephone numbers, locations, images and more.
 
Moaiandin says that he discovered the issue a few months ago and posted about it last week in an attempt to catch Facebook's attention and get it fixed.
 
The Guardian posted a video in which the developer shows how he exploited the API:
 
Userlevel 7
Important article. For all users using Facebook, it's important to tighten up your security settings for sure.
