Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Confirms Data Breach

Posted by timothy on from the you-like-this dept.

another random user writes "A researcher by the name of Suriya Prakash has claimed that the majority of phone numbers on Facebook are not safe. It's not clear where he got his numbers from (he says 98 percent, while another time he says 500 million out of Facebook's 600 million mobile users), but his demonstration certainly showed he could collect countless phone numbers and their corresponding Facebook names with very little effort. Facebook has confirmed that it limited Prakash's activity but it's unclear how long it took to do so. Prakash disagrees with when Facebook says his activity was curtailed." Update: 10/11 17:47 GMT by T : Fred Wolens of Facebook says this isn't an exploit at all, writing "The ability to search for a person by phone number is intentional behavior and not a bug in Facebook. By default, your privacy settings allow everyone to find you with search and friend finder using the contact info you have provided, such as your email address and phone number. You can modify these settings at any time from the Privacy Settings page. Facebook has developed an extensive system for preventing the malicious usage of our search functionality and the scenario described by the researcher was indeed rate-limited and eventually blocked." Update: 10/11 20:25 GMT by T : Suriya Prakash writes with one more note: "Yes, it is a feature of FB and not a bug.but FB never managed to block me; the vul was in m.facebook.com. Read my original post. Many other security researchers also confirmed the existence of this bug; FB did not fix it until all the media coverage." Some of the issue is no doubt semantic; if you have a Facebook account that shows your number, though, you can decide how much you care about the degree to which the data is visible or findable.

5 of 155 comments (clear)

  1. Re:Phonebook by Anonymous Coward · · Score: 5, Funny

    Phonebook? Is that like an e-book on your phone?

  2. Re:Anecdote Time! by SIR_Taco · · Score: 4, Funny

    ...

    I used to have a very common name. So common that according to the latest census there are 40,000 of me walking around the United States (first and last name). I have met myself (first, middle and last) four times and the second time I met myself I was 19

    ...

    John Jacob Jingleheimer Schmidt? That's my name, too!

    --
    I say don't drink and drive, you might spill your drink. Before you get behind the wheel just stop and think.
  3. Re:Need a Survey / Cognitive Risk by Minwee · · Score: 4, Funny

    Then you'd be surprised at how many databases your groin has been in.

  4. Re:Phonebook by Anonymous Coward · · Score: 1, Funny

    You're rude so you blame people on Slashdot? How internet of you.

  5. Re:I just refused to install the Facebook app by Anonymous Coward · · Score: 2, Funny

    Oh, I forgot F*ckedbook.

    you don't have to have ex girlfriends on facebook