Facebook Feature Can Lead to Identity Theft
Aug. 17, 2015
Security experts are warning about a simple Facebook search that hackers can take advantage of to compromise victims' personal information.
Once a cyber thief knows the phone number of a potential victim, the thief can then enter the number into the Facebook search box, and the individual's profile will come up, which can include information such as birthdate, hometown, recent whereabouts and where the individual works, worked in the past, and went to school.
This can open a treasure trove of information for hackers to use on a quest to steal someone's identity, warns an SEO agency called Salt.agency.
The social networking site encourages any users who upload pictures from their mobile phone to add their number as well.
Cyber thieves can quickly scan the population of an "entire country," to find targets, Reza Moaiandin, technical director at Salt.agency told the Daily Mail.
"Underlining the security dangers, a British software engineer has even harvested thousands of data about users, simply by generating random phone numbers," writes the Daily Mail.
Moaiandin used a coding script to generate "every possible number combination in the UK, US and Canada," according to the Daily Mail. Then, he sent millions of numbers to Facebook's app-building program (API) in bulk—which returned millions of unobstructed personal profiles.
"With this security loophole, a person with the right knowledge can harvest the non-private details of the users who allow public access to their phone numbers, enabling the harvester to then use or sell on the user details for purposes that the user may not be happy with," Moaiandin told the Daily Mail.
Fortunately, Facebook users can take some steps to protect their privacy and make it much harder for identity thieves to compromise their personal information. For starters, users can select which friends can view their personal information, including their birthdate, relationship status, phone number and hometown, in the About Me section of their profile. They can limit this to different groups of people, such as friends, work colleagues and so on.
Users also have the option to include their phone number, but hide it from searches using the search bar. To do this, users can select to hide their number in the "Who can look me up?" setting under Facebook's privacy and safety tab tools.
According to the Daily Mail, Facebook told Moaiandin: "We do not consider it a Facebook vulnerability but we do have controls in place to monitor and mitigate abuse."
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.