Facebook leaves 1.44 billion users open to hacks

August 15, 2015

A report from the Daily Mail revealed that Reza Moaiandin, technical director of Salt agency, deployed a script to generate every possible number combination for phone numbers in Britain, the US and Canada.

Users who have added their contact numbers to their Facebook profiles may be affected: searching for a phone number in the Facebook search bar returns the matching user's detailed information and location, even if that user has configured proper privacy settings.

In addition, he sent those millions of number combinations to Facebook’s app-building programme (API) in bulk, and the system returned a smaller number of unobstructed Facebook profiles as output.

The details returned by Facebook’s app-building API and the search bar can be misused by cyber criminals; however, the social media giant isn’t taking any action to secure the APIs by pre-encrypting them. Although Facebook was notified in April, the loophole remains intact, leaving the site’s 1.44 billion users open to hacks.

“With this security loophole, a person with the right knowledge can harvest the non-private details of the users who allow public access to their phone numbers, enabling the harvester to then use or sell the user details for purposes that the user may not be happy with,” Moaiandin was quoted as saying by the Mail.

Philip Lieberman, chief exec of privilege management firm Lieberman Software, commented, “Given that Facebook is a public-facing social network, the ability to farm its public users’ information has always been the case. In fact, many sophisticated spear phishing attacks are based on public information found on Facebook and other social networks.”

“The best protection from these types of attacks is to not publish anything that you don’t want used to attack you. Don’t depend on the feature to limit access to your data to only your ‘friends’, since your friends will probably get compromised and your private information will be available to the attacker,” he added.


