October 11, 2012

Facebook Hack Exposes Users’ Phone Numbers

Facebook hack exposes users’ phone numbers.

Or, it could also be described as:

Facebook’s Poor Privacy Settings Expose Users’ Phone Numbers.

Suriya shares his experiences with Facebook Security – he found a vulnerability which can expose {phone number: username} for a very large number of Facebook users. A query such as

When 123456789 was replaced by a mobile phone number, it exposed the corresponding username.

An automated script testing a large number of mobile phone numbers would expose the corresponding usernames.

Even though Suriya informed Facebook, it had no rate limits in place to limit or block such automated queries.
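A sketch of the missing control, added here as an example (it is not Facebook's code and not from Suriya's post): a limiter that caps how many distinct phone numbers one client may resolve per time window, replayed over constructed traffic. The class name, thresholds and sample records are assumptions.

```python
from collections import defaultdict, deque


class LookupLimiter:
    """Cap the number of distinct phone numbers a client may resolve per window."""

    def __init__(self, max_distinct=5, window_seconds=60):
        self.max_distinct = max_distinct
        self.window = window_seconds
        self._events = defaultdict(deque)  # client -> deque of (timestamp, number)

    def allow(self, client, number, now):
        events = self._events[client]
        # Drop lookups that have aged out of the sliding window.
        while events and now - events[0][0] >= self.window:
            events.popleft()
        seen = {n for _, n in events}
        # Repeat lookups of an already-seen number pass (e.g. contact re-sync);
        # a new number beyond the cap is refused.
        if number not in seen and len(seen) >= self.max_distinct:
            return False  # caller should answer "too many requests" and reveal nothing
        events.append((now, number))
        return True


def replay(log, limiter):
    """Replay (timestamp, client, number) records; return refused-lookup counts per client."""
    blocked = defaultdict(int)
    for ts, client, number in log:
        if not limiter.allow(client, number, ts):
            blocked[client] += 1
    return dict(blocked)


# Constructed sample traffic (not real data): client "A" re-checks two contacts,
# client "B" walks forty sequential numbers within forty seconds.
SAMPLE_LOG = sorted(
    [(t, "A", "5550100" if (t // 2) % 2 else "5550101") for t in range(0, 40, 2)]
    + [(t, "B", f"55501{t:02d}") for t in range(0, 40)],
    key=lambda record: record[0],
)

if __name__ == "__main__":
    print(replay(SAMPLE_LOG, LookupLimiter(max_distinct=5, window_seconds=60)))
```

Counting distinct numbers rather than raw requests is what separates a client re-checking its own contacts from one sweeping a number range.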

He has posted a small subset of Facebook users’ phone numbers (at the link below) to show that this was the case.

Most phone numbers posted are from India and New York.

His recommendation to Facebook users:

So to protect yourself against this, change your settings to “My friends” and ask Facebook to provide an “Only me” option and make it such that it is the default setting for all users!

Meanwhile Facebook Security has some work to do.
