
Dominic Lipinski/Press Association Images

There's a hole in Facebook's security that leaves you open to attackers

But you can fix it pretty easily.

FACEBOOK HAS A security flaw which would allow someone to access all your personal data just by guessing your mobile number.

The exploit, which would expose data like your name, location and images, was discovered by accident by Reza Moaiandin, the technical director at SEO company Salt Agency.

While most of this data is publicly available, the concern is that it could be combined with other data, revealing more about the user, and then sold off.

So what’s the issue?

The issue is down to Facebook allowing you to search for anyone by putting their phone number into a search box.

If someone had knowledge of how the exploit worked, they could set up a script to automatically put in all possible number combinations, and discover each user’s Facebook user ID.

That information can then be fed into Facebook’s GraphQL, which Facebook uses to organise its data, to bring up all the information the site has on these users.

The information in question is usually available to the public, but Moaiandin’s fear is that by collecting all of this data on a large scale, it could easily be combined with other stolen data, revealing more about the user, before it’s sold on.

Is Facebook doing anything about this?

Moaiandin contacted Facebook about the flaw back in April and while he received a reply, the engineer he was in contact with was unable to reproduce the issue. After a few months had passed and Facebook didn’t consider it a security vulnerability, he decided to make it public as a way to catch Facebook’s attention.

He believes that Facebook can fix the problem by limiting the requests from a single user, and detecting patterns, as well as pre-encrypting all of its data.
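
The first two mitigations Moaiandin suggests, limiting requests from a single user and detecting patterns, can be sketched on the server side as follows. This is an added example, not code from Facebook or from the original article; the thresholds, the `LookupGuard` and `replay` names, and the sample log are constructed assumptions.

```python
from collections import defaultdict, deque

# Thresholds are assumptions for this example, not values from Facebook.
WINDOW_SECONDS = 60   # sliding window for the per-requester rate limit
MAX_LOOKUPS = 5       # lookups allowed per requester inside the window
MAX_SEQUENTIAL = 3    # run of adjacent numbers treated as enumeration

class LookupGuard:
    def __init__(self):
        self.recent = defaultdict(deque)    # requester -> recent lookup timestamps
        self.last_number = {}               # requester -> last number searched
        self.run = defaultdict(int)         # requester -> current adjacent-number run

    def check(self, requester, phone, ts):
        digits = "".join(c for c in phone if c.isdigit())
        if not digits:
            return "invalid"
        number = int(digits)
        # Pattern: consecutive searches that differ by exactly one.
        prev = self.last_number.get(requester)
        adjacent = prev is not None and abs(number - prev) == 1
        self.run[requester] = self.run[requester] + 1 if adjacent else 1
        self.last_number[requester] = number
        # Rate: drop timestamps that fell out of the window, then count.
        q = self.recent[requester]
        while q and ts - q[0] >= WINDOW_SECONDS:
            q.popleft()
        q.append(ts)
        if self.run[requester] >= MAX_SEQUENTIAL:
            return "enumeration"
        if len(q) > MAX_LOOKUPS:
            return "rate_limited"
        return "allow"

def replay(events):
    """Run (timestamp, requester, phone) events through one guard, in time order."""
    guard, verdicts = LookupGuard(), defaultdict(list)
    for ts, requester, phone in sorted(events):
        verdicts[requester].append(guard.check(requester, phone, ts))
    return dict(verdicts)

# Constructed sample log: one ordinary user, one sequential searcher, one bulk searcher.
SAMPLE_EVENTS = (
    [(0, "alice", "+353 85 555 0101"), (30, "alice", "+353 86 555 0199")]
    + [(1 + i, "scraper", f"085555{i:04d}") for i in range(4)]
    + [(10 + i, "bulk", f"085555{1000 + 37 * i:04d}") for i in range(6)]
)

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

The rate limit alone would miss a slow sequential sweep, and the pattern check alone would miss fast non-sequential bulk searches, which is why the two are applied together.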

So how can I protect myself?

If you go into settings, and then privacy, you will be presented with a subheading saying ‘Who can look me up?’. Go into the section concerning your phone number and change your status from ‘Everyone’ to ‘Friends’ if it’s not already changed.
