A security researcher has developed an algorithm that exploits a flaw in a Facebook default privacy setting to obtain cell phone numbers linked to Facebook accounts and then get information associated with those accounts.
After discovering that Facebook’s “Who Can Find Me?” feature, which helps someone find a member of the social media company’s community by typing in a phone number, defaulted to a public setting, software engineer Reza Moaiandin, co-founder of SALT.agency, created the algorithm that generated tens of thousands of phone numbers, which were then sent to a Facebook application programming interface (API). Moaiandin announced his findings last Tuesday on his company’s blog.
What the researcher got back were numerous user profiles, each with an identification number that could be used to obtain information such as the user’s full name, public profile information, phone make and messenger type, according to the Guardian. The API only sent publicly available information, but Moaiandin said there is still room for abuse.