A privacy vulnerability on Facebook could allow strangers to link your phone number to your name and profile picture, potentially leading to a host of targeted attacks.
There are a number of good reasons to give Facebook your phone number. You may be the admin of a large fan page and need the extra layer of security. It also helps you regain your account if you find yourself the victim of an online scam.
And if you have given it to Facebook, you could be at risk of targeted attacks from criminals who have managed to link your phone number to your name, simply because you didn’t realise that Facebook sets the default setting “Who can look you up using the phone number you provided?” to public.
That means someone can type your phone number into the Search facility on Facebook and get directed to your profile. It doesn’t mean your phone number is made public to someone who visits your profile.
However, software developer Reza Moaiandin managed to build a piece of software that essentially automates the process of typing phone numbers into Facebook. It goes through one phone number at a time (but very quickly), connects those phone numbers to the names of the Facebook profiles associated with them, and records the results to a database.
This could allow any developer to build an enormous database of their own, linking phone numbers to the names and even locations of the people who own them, on a very large scale.
This is a problem because this information is valuable to both marketers and criminals. Imagine getting a text message with your name included in it. Messages that contain your name would seem more believable. It’s a targeted attack, and targeted attacks have a higher success rate across the board.
Technically no private information is being exposed, because Facebook defaults the setting to allow anyone to look you up via your phone number. This fact, coupled with the ability of third-party developers to execute large searches, makes this a significant vulnerability.
What do you need to do? There is an easy fix, and you really should do it straight away. Head straight to your settings, click Privacy and make sure the above-mentioned option is set to Friends, not Everyone.
This prevents third-party developers from obtaining your phone number, and so from linking it to your name. Whilst you’re over there, make sure the same setting regarding your email address is set to Friends as well.
So is this really a vulnerability? Absolutely.
It’s bad enough that Facebook make this setting public by default, but allowing potentially malicious developers to grab this information on a large scale is asking for trouble. Facebook either need to make this setting private by default or work harder to prevent developers from obtaining so much public information so easily.
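One way a service could spot the bulk lookup pattern described above, shown as an added example (not code from Facebook or from Reza Moaiandin): it counts the distinct phone numbers each client searches within a sliding window. The log format, client ids, thresholds and phone numbers are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding window length
MAX_DISTINCT = 5      # assumed limit on distinct numbers per client per window

# Constructed sample lookup log: (unix_time, client_id, phone_number_searched).
# Numbers use the UK range reserved for fiction (+44 7700 900xxx).
SAMPLE_LOG = (
    # app-A walks through consecutive numbers, one per second
    [(1000 + i, "app-A", f"+447700900{i:03d}") for i in range(8)]
    # user-B retries the same single number many times
    + [(1000 + 5 * i, "user-B", "+447700900123") for i in range(10)]
    # user-C looks up three different contacts
    + [(1001, "user-C", "+447700900200"),
       (1020, "user-C", "+447700900201"),
       (1040, "user-C", "+447700900202")]
)


def find_enumerators(events, window=WINDOW_SECONDS, max_distinct=MAX_DISTINCT):
    """Return {client_id: timestamp} for each client that searched more than
    max_distinct different phone numbers within any window-second span.
    The timestamp is the moment the limit was first exceeded."""
    recent = defaultdict(deque)   # client -> (timestamp, number) pairs in window
    flagged = {}
    for ts, client, number in sorted(events):
        lookups = recent[client]
        lookups.append((ts, number))
        # Drop lookups that have aged out of the window.
        while lookups[0][0] <= ts - window:
            lookups.popleft()
        # Repeated searches for one number count once: a retry is not a scan.
        distinct = {n for _, n in lookups}
        if len(distinct) > max_distinct and client not in flagged:
            flagged[client] = ts
    return flagged


if __name__ == "__main__":
    for client, ts in find_enumerators(SAMPLE_LOG).items():
        print(f"{client} exceeded {MAX_DISTINCT} distinct numbers at t={ts}")
```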
Make sure your Facebook account is locked down for ultimate privacy. Read our full guide here.