Privacy on social networking sites has been a debatable issue ever since its formation. Facebook users might have to give a second thought now if they’re open to sharing their mobile number on Facebook, even under the ‘private’ header. For organisations like Facebook who have time and again been making money off the information shared by the user, this is not novel.
To anyone who uploads their profile picture on the social network, the site keeps encouraging users to post their numbers too. And if you fall in the trap and add your number, based on the privacy assured to you, you still need to be worried! Once you add the number, anyone who puts your number in the search bar can track your details such as name, address and even see your picture.
To bring to the public front the deeper security dangers, a British software engineer has even harvested thousands of data about users, simply by generating random phone numbers. Reza Moaiandin, technical director of Salt.agency, used a coding script to generate every possible number combination in the UK, US and Canada. He then sent millions of numbers to Facebook’s app-building program (API) in bulk. In return, he received millions of unobstructed personal profiles
“With this security loophole, a person with the right knowledge can harvest the non-private details of the users who allow public access to their phone numbers, enabling the harvester to then use or sell the user details for purposes that the user may not be happy with,” Moaiandin said.
How does a cyber criminal sell data?
- The black market trade of the cyber criminals is highly profitable, even more than the illegal drug trade as stated by a report of the RAND Corporation last year.
- Photographs, names and numbers, even education history along with locations can be sold on the network of these trading sites.
- Hackers sell this data and make astounding profit.
The RAND report even states that Twitter and Facebook accounts are now more profitable than stolen credit cards as they have much more details of the individual like even their birthdates and relationship statuses besides the major buck earners like numbers and addresses.
This data is more than enough to gain all the right knowledge about the person as it has all the non-private details right on the platter. However Facebook told the security researcher, ‘We do not consider it a security vulnerability but we do have controls in place to monitor and mitigate abuse. Facebook in its defence has also said that the users are free to adjust privacy settings so that people cannot search their information using phone numbers.
So we believe that the problem lies in the fact many users may not be aware that they can change their privacy setting in the ‘Who can look me up’ menu, and that this is set to Public by default. Its time to go grilling into your Facebook account and keep a tab on the minimalistic details of what you’re sharing and what not!