SECURITY RESEARCH HAS FOUND a problem with Facebook's privacy settings and systems that could enable the mass harvesting of personal details.
The problem stems from the storing of mobile phone numbers, which it was important for the social network to have, and from the exploitation of people who have chosen to share their digits with the service.
Users who have linked a mobile phone number to their account are at risk of an attack that uses guesswork and effort to break them down and make off with their details.
Reza Moaiandin, software engineer and technical director at security firm the SALT Agency, said that he discovered the fault and informed Facebook about it "months ago". His public post was designed to encourage Facebook to heed his warnings.
Moaiandin said that he effectively stumbled on the problem, and wasn't looking for flaws when he fell onto one. Elsewhere, including in Belgium, flaws in the Facebook privacy proposition are a very hot topic.
"A few months ago, I discovered a security loophole in Facebook that allows hackers to decrypt and sniff out Facebook user IDs using one of Facebook's APIs in bulk - therefore allowing them to gather millions of users' personal data (name, telephone number, location, images, and more)," he said.
"Through this, a hacker can then communicate with Facebook's GraphQL to get as many details as possible, by passing the hashed ID.
"Unfortunately, for the 1.44 billion people currently using Facebook, this [problem] means that sophisticated hackers and black market sellers can access names and mobile phone numbers in as little as an hour through reverse engineering - at a time when an entire identity can be sold for as little as $5."
The researcher said that he went to Facebook in April, but that the firm's response was not enthusiastic and it did not consider the problem to be significant.
We poked Facebook to see what it has to say about this. The company did not specifically address Moaiandin's concerns, saying only that it takes user privacy very seriously and trusts those that use its APIs to do the same.
"The privacy of people who use Facebook is extremely important to us. We have industry leading proprietary network monitoring tools constantly running in order to ensure data security, and have strict rules that govern how developers are able to use our APIs to build their products. Developers are only able to access information that people have chosen to make public," said a spokesperson.
"Everyone who uses Facebook has control of the information they share, this includes the information people include within their profile, and who can see this information. Our Privacy Basics tool has a series of helpful guides that explain how people can quickly and easily decide what information they share and who they share it with." µ