Cyber security experts found a security vulnerability that can be exploited by any hacker or malevolent person just by looking at a Facebook user’s mobile phone. Experts say that the vulnerability is serious enough to put personal data of millions of users worldwide at a considerable risk.
Security analysts claim that the vulnerability could expose real names, home addresses, and private photos of millions of Facebook users in less than a day. The data can be harvested by hackers and later sold on black exchanges for profit. And the only thing hackers need to do is to randomly guess users’ phone numbers.
Threat intelligence analysts said that if that happens on a large scale, the financial losses and the scale of ID theft would be tremendous. Facebook currently counts more than 1.4 trillion users worldwide.
Experts recommend that the site closely watch its privacy settings and make sure that there are no looming threats against its members. Software engineers from Salt Agency found that they can harvest heaps of user data at any time just by randomly typing phone numbers on the site.
Facebook has a function that by default allows anyone to find another user just by typing into a search box his or her phone number. The phone number doesn’t need to be made public by that user. If the hacker guesses it, the site automatically matches it with the owner of that phone number and his or her profile.
The function is called “Who can find me?” and it is turned on and made public by default.
Salt Agency’s Reza Moaiandin reported that he was able to use a simple program to generate countless mobile phone numbers which he later used to identify possible Facebook users and harvest their personal data from their public profiles.
Nevertheless, some may argue that all that data has already been made public by the users themselves. So, why worry? Yet, experts said that linking a profile to a phone number that was not meant to be made public would create a serious phishing issue. Hackers and exploiters can harvest millions of phone numbers and data on the profiles attached to them in a matter of a few hours.
Moaiandin likened the issue to a real-life situation in which a person goes to a bank and asks an employee to hand over the names, addresses, and personal photos of the bank’s customers just by presenting some lists of anonymous bank account numbers.
Fortunately, the setting can be changed manually to “Friends Only.” By default, the setting is “Everyone/public,” and a hacker can find the mobile number of a high-profile user in minutes.
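On the defending side, the guessing pattern described above stands out in lookup logs: one client querying many distinct numbers in a short time, most of them unmatched. The Python below is an added example, not code from Facebook or Salt Agency; the log fields, thresholds, account names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding-window length
MAX_DISTINCT = 5      # assumed limit of distinct numbers per client per window


def find_enumerators(events, window=WINDOW_SECONDS, limit=MAX_DISTINCT):
    """Flag clients that look up more than `limit` distinct phone numbers
    inside any `window`-second span.

    events: iterable of (unix_ts, client_id, phone_number, matched),
            sorted by timestamp (hypothetical log schema).
    Returns {client_id: {"distinct": peak_count, "misses": misses_at_peak}}.
    """
    recent = defaultdict(deque)   # client -> lookups still inside the window
    flagged = {}
    for ts, client, number, matched in events:
        q = recent[client]
        q.append((ts, number, matched))
        # Drop lookups that have aged out of the window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        distinct = len({n for _, n, _ in q})
        peak = flagged.get(client, {}).get("distinct", 0)
        if distinct > limit and distinct > peak:
            # Random guessing produces many unmatched numbers; record them too.
            misses = sum(1 for _, _, m in q if not m)
            flagged[client] = {"distinct": distinct, "misses": misses}
    return flagged


def sample_events():
    """Constructed log lines, not real data."""
    # acct-A: an ordinary user searching for a couple of contacts.
    events = [
        (1000, "acct-A", "+15550100001", True),
        (1030, "acct-A", "+15550100002", True),
        (1200, "acct-A", "+15550100001", True),
    ]
    # acct-B: walks a number range, one lookup per second, mostly misses.
    events += [(1100 + i, "acct-B", f"+1555020{i:04d}", i % 4 == 0)
               for i in range(8)]
    return sorted(events)


if __name__ == "__main__":
    for client, stats in find_enumerators(sample_events()).items():
        print(client, stats)
```

A per-client cap on distinct lookups, enforced at request time with the same counter, turns this detection into a rate limit.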