Researcher Stumbles Upon a Method to Harvest Facebook User Data via API Flaw

Posted: August 17, 2015

Facebook has had its fair share of security issues and, to its credit, has addressed many of them in time to prevent serious consequences. Like any other social network, Facebook inevitably runs into some type of security issue at the hands of a hacker, or, in this recent case, a technical director who accidentally discovered a method for collecting the personal details of Facebook users.

Reza Moaiandin, technical director at the SEO firm Salt.agency, has run across a method that can be used to harvest the personal details of Facebook users. The method uses the Facebook API, querying it with simple scripts and bulk lists of phone numbers generated at random.

Facebook's API is a boon for app developers and others with the proper know-how, letting them build add-ons and clever components that add functionality for the social networking giant and its users. On the flip side, a few may use the same infrastructure with the wrong intent and end up exposing the personal details of Facebook users, as Moaiandin did in his recent accidental discovery.

Moaiandin uncovered the flaw through a setting called "Who can find me", which lets users choose which details they share with the public over the internet. Those details, even when hidden from the public profile, can still be searched through the Facebook API. Because the default settings allow details to be shared through the API, the data is visible to anyone with the proper API access rather than to the general Facebook public.

The ability to search user data through the Facebook API is only one of the open doors that let Mr. Moaiandin make this discovery by accident. In this case, it seems Facebook user data can be harvested by taking one more step and running a script that feeds bulk phone numbers to the API, which returns the matching user details.

In essence, such a flaw could uncover details from any of the 1.4 billion Facebook users. Think about that for a minute.

Facebook does rate-limit its API to prevent abuse of its developer tools by those with malicious intentions. The problem with the API structure is that a developer can take steps to stay under the built-in limit and still be entitled to access personal user details. Moreover, the ability to collect user data in bulk is the major takeaway in Mr. Moaiandin's case: he could harvest the data and then use it for whatever purpose he wanted.
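An added illustration of the defensive side of this paragraph, not code from the original article or from Facebook: a detector for the "stay under the per-request limit" pattern, run over a constructed log in a hypothetical `timestamp api_key lookup_value` format. A plain per-minute cap passes both sample clients; counting distinct lookup values over a longer window separates bulk enumeration from an app that re-checks a few known contacts.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_FORMAT = "%Y-%m-%dT%H:%M:%S"  # hypothetical log format assumed for this example

def parse_log(text):
    """Parse 'timestamp api_key lookup_value' lines into sorted (ts, key, value) tuples."""
    rows = (line.split() for line in text.strip().splitlines())
    return sorted((datetime.strptime(ts, LOG_FORMAT), key, value) for ts, key, value in rows)

def per_minute_rate_ok(events, limit=10):
    """Naive check: True if no key exceeds `limit` lookups in any 60-second window."""
    recent = defaultdict(deque)
    for ts, key, _ in events:
        q = recent[key]
        q.append(ts)
        while ts - q[0] >= timedelta(minutes=1):
            q.popleft()
        if len(q) > limit:
            return False
    return True

def find_enumerators(events, window=timedelta(hours=1), min_distinct=25, min_unique_ratio=0.9):
    """Return {key: (distinct, total)} for keys whose lookups in some `window` hit many distinct, rarely repeated values."""
    by_key = defaultdict(list)
    for ts, key, value in events:
        by_key[key].append((ts, value))
    flagged = {}
    for key, items in by_key.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] >= window:
                start += 1  # slide the window so it spans less than `window`
            values = [v for _, v in items[start:end + 1]]
            distinct = len(set(values))
            if distinct >= min_distinct and distinct / len(values) >= min_unique_ratio:
                flagged[key] = (distinct, len(values))
    return flagged

def build_sample_log():
    """Constructed sample: key_A probes 30 distinct numbers, one every 10 s (under a 10/minute cap); key_B re-checks the same 3 numbers 30 times, as a contacts app might."""
    base = datetime(2015, 8, 17, 10, 0, 0)
    lines = []
    for i in range(30):
        ts = (base + timedelta(seconds=10 * i)).strftime(LOG_FORMAT)
        lines.append(f"{ts} key_A +1555000{i:04d}")   # placeholder numbers, not real
        lines.append(f"{ts} key_B +1555999{i % 3:04d}")
    return "\n".join(lines)
```

On the sample log, `per_minute_rate_ok` returns True for both keys while `find_enumerators` reports only key_A, with 30 distinct values out of 30 lookups.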

As Mr. Moaiandin is no crook, he took the next step of notifying Facebook of this flaw, which Facebook can easily fix. After he contacted Facebook with this information and shared it in a blog post and video, Facebook responded by reassuring others that the privacy of people who use Facebook is important to them, and went further to release the following statement.

"The privacy of people who use Facebook is extremely important to us. We have industry-leading proprietary network monitoring tools constantly running in order to ensure data security and have strict rules that govern how developers are able to use our APIs to build their products. Developers are only able to access information that people have chosen to make public."

"Everyone who uses Facebook has control of the information they share; this includes the information people include within their profile, and who can see this information. Our Privacy Basics tool has a series of helpful guides that explain how people can quickly and easily decide what information they share and who they share it with."
