Security flaw in Facebook.
Facebook is the number one target of hackers because of the vast amount of data it has. With nearly a billion+ users and counting, harvesting Facebook users data may be a dream of every cyber criminal worth his salt.
Reza Moaiandin, technical director of Leeds-based company Salt.agency discovered a way to harvest Facebook users data using just their telephone number
“A few months ago, I discovered a security loophole in Facebook that allows hackers to decrypt and sniff out Facebook user IDs using one of Facebook’s APIs in bulk – therefore allowing them to gather millions of users’ personal data (name, telephone number, location, images, and more). This post is an attempt to catch Facebook’s attention to get this issue fixed.”
Once he chanced upon the vulnerability in Facebook, he wrote an an algorithm that generated thousands of numbers automatically. Once he had generated these phone numbers, he sent these number through Facebook’s application programming interface (API). Once he had done that, Moaindin says that user profiles and personal data soon began pouring in.
“By using a script, an entire country’s (I tested with the US, the UK and Canada) possible number combinations can be run through these URLs, and if a number is associated with a Facebook account, it can then be associated with a name and further details”
Moaiandin says that as soon as he discovered this vulnerability in the Facebook API, he alerted Facebook about the security flaw, however Facebook said that this was not a vulnerability.
The Facebook spokesperson told him “We do not consider it a security vulnerability, but we do have controls in place to monitor and mitigate abuse.”