There’s this old chinese saying that goes like that: If you want something to stay private, then don’t post it online. This is particularly true for Facebook users who have included their mobile phone number in their profile.
Also Read: Is Facebook Launching A Phone Call App?
A vulnerability was first reported last week by Digital Trends and it causes concerns to all users of the social network. According to the article, even if you have set your phone number to private and visible only to you, a malicious user can retrieve it and link it with your personal details. The flaw was discovered by Reza Moaiandin, the technical director at the Salt Agency.
Here’s how it works. As you may already know, Facebook search lets you find friends on the network by using their email address or their phone number. And while the latter may be set to private and visible only to you, it doesn’t mean that it’s excluded from the search results produced by the API.
If you are indeed looking for a friend, then seeing his or her profile link and picture on your search results may not be a problem. However, in the event of a malicious user, things change. Associating a number with a name, location and everything else that is publicly visible on a user’s profile may lead to spamming – to say the least.
Mitigating the issue is easy, though. From your account settings you may be able to change the Find Who Can Look Me Up option under How You Connect menu. Setting this option to Friends of Friends or just Friends can provide you with the level of protection you need.
If you like our stories, there is an easy way to stay updated:
Follow @wersm
According to the same sources, while Mr. Moaiandin has already reached out to Facebook to report the issue, the social network has not put any rigid mitigation process in action and it has rather set up “some controls to prevent hackers from gathering mass phone-number lists“, but those are not robust enough.
Image courtesy of Digital Trends.
[wysija_form id=”5″]
More from Other Platforms
Reddit Is Launching Event And Collection Post Types
Following the announcement of a limited beta release last autumn, Reddit has announced it's now started to roll out events …
Tumblr Finally Enables HTTPS For All Accounts
Tumblr has finally enabled HTTPS across its entire site, making this important security update available to all accounts.
Quiz Your Friends With This New Sticker For Instagram Stories
Instagram rolled out a new Quiz sticker for Stories. With the existing Poll and Question stickers, the new addition makes …
