Nearly 1.44 billion Facebook users are exposed to hackers because of a serious security flaw. Users who have added their phone numbers to their Facebook profiles might suffer severe consequences: searching for a phone number in the Facebook search bar returns the user's detailed information and location, even if location access has been disabled in the privacy settings.
A report from the Daily Mail revealed that Reza Moaiandin, technical director of Salt agency, used a script to generate every possible phone number combination for Britain, the US and Canada.
He then sent those millions of number combinations to Facebook's app-building programme (API) in bulk, and the system returned a smaller number of unobstructed Facebook profiles as output.
“With this security loophole, a person with the right knowledge can harvest the non-private details of the users who allow public access to their phone numbers, enabling the harvester to then use or sell the user details for purposes that the user may not be happy with,” Moaiandin was quoted as saying by the Mail.
The details returned by Facebook's app-building API and the search bar can be misused by cyber criminals; however, the social media giant isn't taking any action to secure the APIs by pre-encrypting them. Although Facebook was notified in April, the loophole remains intact, leaving the site's 1.44 billion users open to hacks.
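Seen from the API operator's side, bulk lookups of generated numbers like those described above leave a recognisable pattern in request logs: one client querying many distinct, mostly consecutive numbers in a short time, with few of them matching a profile. The sketch below is an added example, not code from the report or from Facebook; the log format, client names, thresholds and phone numbers (taken from ranges reserved for fiction) are all assumptions.

```python
from collections import defaultdict

# Constructed sample log (assumed format): (epoch_seconds, client_id, number, profile_found)
def make_sample_log():
    log = []
    # "app-A" walks a contiguous number range: 200 lookups in 100 seconds
    for i in range(200):
        log.append((1000 + i // 2, "app-A", f"+44770090{i:04d}", i % 25 == 0))
    # "app-B" looks like a normal contact finder: a few lookups, all hits
    for i, num in enumerate(["+14155550101", "+14155550177", "+442079460018"]):
        log.append((1000 + i * 30, "app-B", num, True))
    return sorted(log)

def flag_enumeration(log, window=60, max_distinct=50, min_sequential=0.5):
    """Return {client_id: stats} for clients whose lookups look like bulk enumeration."""
    by_client = defaultdict(list)
    for ts, client, number, found in log:
        by_client[client].append((ts, int(number.lstrip("+")), found))
    flagged = {}
    for client, events in by_client.items():
        start = 0
        for end in range(len(events)):
            # Slide the window so it only covers the last `window` seconds
            while events[end][0] - events[start][0] >= window:
                start += 1
            chunk = events[start:end + 1]
            numbers = sorted({n for _, n, _ in chunk})
            if len(numbers) <= max_distinct:
                continue
            # Share of queried numbers that directly follow the previous one
            steps = sum(1 for a, b in zip(numbers, numbers[1:]) if b - a == 1)
            seq_ratio = steps / (len(numbers) - 1)
            hit_ratio = sum(f for _, _, f in chunk) / len(chunk)
            if seq_ratio >= min_sequential:
                flagged[client] = {
                    "distinct": len(numbers),
                    "sequential": round(seq_ratio, 2),
                    "hit_ratio": round(hit_ratio, 2),
                }
                break  # one alert per client is enough
    return flagged

if __name__ == "__main__":
    print(flag_enumeration(make_sample_log()))
```

A client that randomises the order of its lookups would lower the sequential share, so the distinct-number count and the hit ratio are worth alerting on separately in practice.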
Philip Lieberman, chief exec of privilege management firm Lieberman Software, commented, “Given that Facebook is a public-facing social network, the ability to farm its public users’ information has always been the case. In fact, many sophisticated spear phishing attacks are based on public information found on Facebook and other social networks.”
Warning users about their security, Lieberman said that the best practice is not to share or publish anything on the net that might give a hacker a chance to break in. He further added that a user should not limit access that allows friends to access information, as the private information is still available to the attacker.