Security expert warns of simple Facebook trick that hackers could use to steal people's identity
By Mirror | August 10th 2015
LONDON, UK: Hackers could use the Facebook search facility to steal the identities of millions of British people, an online security expert has claimed.
Reza Moaiandin, technical director at Salt Agency, claimed digi-crims could easily scan the population of an "entire country" to find targets.
Once they have identified potential victims, all cyber-thieves need to do is type their mobile number into Facebook's search box, allowing them to access the person's name, picture, location and other personal information which is highly sought after in the online criminal underworld.
"The most worrying aspect of discovering this issue is that it happened entirely by mistake," Moaiandin said.
"I wasn’t even searching for flaws in Facebook’s security when I came across it.
"Unfortunately, for the 1.44 billion people currently using Facebook, this means that sophisticated hackers and black market sellers can access names and mobile phone numbers in as little as an hour through reverse engineering – at a time when an entire identity can be sold for as little as $5."
After discovering the "huge security loophole", he designed a piece of computer code to automatically scan every mobile phone number in the US, the UK and Canada to work out who could be targeted.
Then it was a simple matter to type vulnerable people's mobile phone numbers into Facebook's GraphQL search, locate their profiles and then harvest as much information from them as possible.
He urged Facebook to close the security gap "before it's too late".
Anyone concerned about identity theft should make sure Facebook's privacy settings are set up properly - or avoid letting the social network know their phone number.
A Facebook spokesman said: "The privacy of people who use Facebook is extremely important to us.
"We have industry leading proprietary network monitoring tools constantly running in order to ensure data security and have strict rules that govern how developers are able to use our APIs to build their products.
"Developers are only able to access information that people have chosen to make public.
"Everyone who uses Facebook has control of the information they share, this includes the information people include within their profile, and who can see this information.
"Our Privacy Basics tool has a series of helpful guides that explain how people can quickly and easily decide what information they share and who they share it with."