Recovering from the last month’s massive leak of phone numbers belonging to 500 million Facebook users, the famous social media platform has a new privacy concern to fight with: a vulnerability that, on a large scale, connects the accounts with their associated email addresses, even when the users select the settings to prevent them from being easily accessible.
Recently, a video was circulating on social media, showed an expert explaining a tool called ‘Facebook Email Search v1.0’, according to the researcher the tool could link Facebook accounts to as many as 5 million email addresses per day. The researcher went public after Facebook regarded this vulnerability as not important enough to be fixed. In the video, the researcher fed the tool a list of 65,000 email addresses and observed what occurred next.
“As you can see from the output log here, I’m getting a significant amount of results from them,” the researcher said as the video revealed the tool crunching the address list. “I’ve spent maybe $10 to buy 200-odd Facebook accounts. And within three minutes, I have managed to do this for 6,000 [email] accounts.”
Moreover, in an official statement, the tech giant has stated that the company had erroneously closed out this bug bounty report before referring to the relevant unit. The tach giant appreciates the researcher sharing the information and Facebook is implementing initial actions to decrease this issue.
In addition to it, Facebook has been caught up in fire not just for presenting the means for these large collections of data, but also for how the company actively tries to support the idea that these threats pose minimal harm to the users of the social media site. It has been reported that an email Facebook involuntarily sent to a reporter at the Dutch publication DataNews directed the people of public relations to express this as a general industry concern and normalize the fact that this activity occurs frequently.”
Image Source: DIGIT