Just after the huge Facebook data leak, in which the data of 500 million users was exposed (including phone numbers, Facebook IDs, full names and dates of birth), the social media giant faces a new privacy "crisis": a tool that can link Facebook accounts to email addresses, even if users have chosen settings so that their emails are not visible to the public.
On 20 April, a video was released in which a researcher demonstrates a tool named “Facebook Email Search v1.0”, which (according to the researcher) could link Facebook accounts to up to 5 million email addresses per day. The researcher, who said he posted the video after discovering a security flaw that Facebook told him it did not consider "important" enough to fix, fed the tool a list of 65,000 email addresses and observed what happened next.
As the tool worked through the address list, the researcher said in the video: "As you can see from the output log here, I get significant results from them. I spent $10 to buy 200-odd Facebook accounts. And in three minutes, I was able to do that for 6,000 email accounts."
Facebook, for its part, stated the following: "It seems that we 'closed' this bug bounty report incorrectly, before reporting the issue to the appropriate group. We value the researcher who shares the information and takes action to mitigate this issue, while monitoring developments to better understand the findings."
In addition, a Facebook spokesman declined to answer a question about whether the company had told the researcher that it did not consider the error significant enough to correct. However, the spokesman said that Facebook engineers believe they have mitigated the leak by "weakening" the technique shown in the video.
The researcher, whose identity remains secret, pointed out that Facebook Email Search took advantage of a front-end vulnerability that he had recently reported to Facebook, but which the company did not consider important enough to fix.
In addition, the researcher noted the following: "Earlier this year, Facebook had a similar vulnerability that was finally fixed. This is essentially the exact same vulnerability. And for some reason, despite the fact that I announced it to Facebook, the company told me directly that it would not take action for it."
Facebook has been criticized not only for providing tools that help to collect huge volumes of data, but also for the way in which it tries to promote the idea that this "does little harm" to its users. A Facebook email that was accidentally sent to a Dutch journalist at DataNews instructed public relations people to "characterize it as a broad industrial issue and to normalize the fact, pointing out that this is something that happens regularly". Facebook also distinguished scraping from hacks and data leaks.
Currently, it is not clear whether anyone took advantage of this error to create a huge database, but it certainly would not be a surprise. Finally, the researcher stressed that he believes this is a very dangerous vulnerability, which is why he would like to help correct it.