There’s an old Chinese saying that goes like this: if you want something to stay private, then don’t post it online. This is particularly true for Facebook users who have included their mobile phone number in their profile.
A vulnerability was first reported last week by Digital Trends, and it raises concerns for all users of the social network. According to the article, even if you have set your phone number to private and visible only to you, a malicious user can retrieve it and link it with your personal details. The flaw was discovered by Reza Moaiandin, the technical director at the Salt Agency.
Here’s how it works. As you may already know, Facebook search lets you find friends on the network by using their email address or their phone number. And while the latter may be set to private and visible only to you, it doesn’t mean that it’s excluded from the search results produced by the API.
If you are indeed looking for a friend, then seeing his or her profile link and picture in your search results may not be a problem. However, when the person searching is a malicious user, things change. Associating a number with a name, location and everything else that is publicly visible on a user’s profile may lead to spamming, to say the least.
Mitigating the issue is easy, though. From your account settings you may be able to change the Find Who Can Look Me Up option under the How You Connect menu. Setting this option to Friends of Friends or just Friends can provide you with the level of protection you need.
According to the same sources, while Mr. Moaiandin has already reached out to Facebook to report the issue, the social network has not put any rigid mitigation process in place. Instead, it has set up “some controls to prevent hackers from gathering mass phone-number lists”, but those are not robust enough.
Image courtesy of Digital Trends.