A new Facebook bug is exposing millions of email addresses
Still smarting from last month's dump of phone numbers belonging to 500 million Facebook users, the social media giant is facing a new privacy crisis: a tool that, on a massive scale, links Facebook accounts to their associated email addresses, even when users choose settings that keep them from being public.
A video circulating on Tuesday showed a researcher demonstrating a tool called Facebook Email Search v1.0, which he said could link Facebook accounts at a rate of 5 million email addresses per day. The researcher – who went public only after Facebook said it did not consider the vulnerability “important” enough to fix – gave the tool a list of 65,000 email addresses and then watched what happened.
“As you can see in the output log here, I’m getting a lot of results,” the researcher said in the video as he showed the tool processing the address list. “Maybe I spent $10 to buy a Facebook account for 200. And in three minutes, I got paid 6,000 [email] accounts.”
Ars obtained the video on the condition that it not be shared. A full audio transcript appears at the end of this post.
In a statement, Facebook said: “It appears that we closed this bug report incorrectly before targeting it to the appropriate team. We appreciate the researchers sharing the information and taking initial action while we continue to alleviate the problem while finding findings.”
A Facebook representative did not respond to a question asking whether the company told the researcher that the vulnerability was not important enough to warrant a fix. The representative said Facebook engineers believe they have mitigated the leak by disabling the technique shown in the video.
The researcher, whom Ars agreed not to identify, said Facebook Email Search exploited a front-end vulnerability that he recently reported to Facebook but that “[Facebook] don’t think it’s important enough to have patches.” Earlier this year, Facebook had a similar vulnerability that was finally fixed.
“This is basically the same weakness,” says the researcher. “And for some reason, despite showing this to Facebook and reporting it, they have told me directly that they will not take action against it.”
Facebook has come under fire not only for providing the means for such massive data collection, but also for actively promoting the idea that these collections pose a minimal risk to Facebook users. An email the company inadvertently sent to a journalist at the Dutch publication DataNews told public relations staff to “raise this as a broad industry problem and normalize the fact that this activity occurs on a regular basis.” Facebook has also made a distinction between scraping and hacks or breaches.
It is not clear whether anyone is actively exploiting this bug to build a massive database, but it would not be surprising. “I think it’s a pretty dangerous vulnerability, and I would like help to stop that,” the researcher said.
Here is the written transcript of the video:
So what I would like to demonstrate here is an active vulnerability in Facebook that allows malicious users to query email addresses on Facebook and have Facebook return matching users.
This works with a front-end weakness in Facebook, which I have complained about and made them aware of, but they do not consider it important enough to be patched, as I think the privacy violation is quite obvious and a big problem.
The software currently available in the hacker community is currently being used.
It is now used to jeopardize Facebook accounts, the Pages team, and Facebook advertising accounts to make money. I have not set this visual example within JS.
What I’ve done here is that I’ve taken 250 Facebook accounts, newly registered Facebook accounts, that I bought online for about $10.
I queried 65,000 email addresses. As you can see in the output log here, I am getting a lot of results.