A software engineer has carried out an experiment demonstrating one of Facebook’s security flaws.
He identified a loophole in Facebook’s Privacy Settings and he managed to gather information on thousands of the social platform’s users who had chosen to make their accounts private.
So, even if some of the users avoided making their profiles public, Reza Moaiandin, the software engineer in question, was able to harvest their information nonetheless.
He found the users’ phone numbers by exploiting the social media giant’s privacy settings, which permit anyone to find a user via their phone number.
The “Who can find me?” option is set by default to “public”, even if a user chooses not to display their phone number publicly.
Moaiandin gained access to a significant number of Facebook profiles via a simple algorithm. Afterwards, he sent the data to Facebook’s application programming interface.
Moaiandin said that what he did was similar to walking into a bank and requesting personal information on thousands of clients based on their account numbers, with the bank eagerly providing the information in question.
When he alerted Facebook in advance over their flaw in privacy settings, Facebook’s response was a bit unconvincing. The social platform stated that they did not consider it a security flaw, but that they did have the controls to monitor and reduce abuse.
He urged the social network to add a second layer of encryption, similar to Apple’s or Google’s, which would have stopped him from gaining access to users’ private details.
Security experts reported that Facebook’s vulnerability in this matter could allow hackers to construct databases of Facebook users for sale on the online black market.
Graham Cluley, a computer security analyst, said that Facebook should make it almost impossible for third parties to extract or mess with publicly shared info.
Cluley continued by saying that if Facebook cares about their community, they should change the default status of the “Who can find me?” option, allowing users to decide for themselves whether they want to make their phone number public or not.
Moaiandin, technical director of a Leeds-based tech company, also stated that anyone with at least some software technology knowledge could easily access the mobile numbers of celebrities or important politicians, provided that the individual had posted their phone number on Facebook without choosing “friends-only” under the “Who can find me?” setting.
It could be concluded that Facebook’s 1.5 billion users’ data seems to be in peril for now, even though a Facebook spokesperson says that everyone who uses Facebook is in control of the details they share, and who can see this information.