Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Dominic Lipinski/Press Association Images

There's a hole in Facebook's security that leaves you open to attackers

But you can fix it pretty easily.

FACEBOOK HAS A security flaw which would allow someone to access all your personal data just by guessing your mobile number.

The exploit, which would expose data like your name, location and images, was discovered by Reza Moaiandin, the technical director at SEO company Salt Agency, by accident.

While most of this data is publically available, the concern is that it could be combined with other data, revealing more about the user, and then sold off.

So what’s the issue?

The issue is down to Facebook allowing you to search for anyone by putting their phone number into a search box.

If someone had knowledge of how the exploit worked, they could set up a script to automatically put in all possible number combinations, and discover each users’ Facebook user ID.

That information can be placed in Facebook’s GraphQL, which Facebook uses to organise its data, and highlight all the information the site has on these users.

The information in question is usually available to the public, but Moaiandin’s fear is that by collecting all of this data on a large scale, it could easily be combined with other stolen data, revealing more about the user, before it’s sold on.

Is Facebook doing anything about this?

Moaiandin contacted Facebook about the flaw back in April and while he received a reply, the engineer he was in contact with was unable to reproduce the issue. After a few months had passed and Facebook didn’t consider it a security vulnerability, he decided to make it public as a way to catch Facebook’s attention.

He believes that Facebook can fix the problem by limiting the requests from a single user, and detecting patterns, as well as pre-encrypting all of its data.

So how can I protect myself?

If you go into settings, and then privacy, you will be presented with a subheading saying ‘Who can look me up?’. Go into the section concerning your phone number and change your status from ‘Everyone’ to ‘Friends’ if it’s not already changed.

Read: Your phone has a music on/off timer that you might not know about >

Read: Is Nokia really making a return to the smartphone market? >

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Author
Quinton O'Reilly
View 10 comments
Close
10 Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds