Why you should NEVER put your phone number on Facebook
Aug 10, 2015 13:37:29 GMT -5
Post by schwartzie on Aug 10, 2015 13:37:29 GMT -5
Why you should NEVER put your phone number on Facebook: Loophole means anyone can find you despite your privacy settings
Facebook users are encouraged to add phone number to their profile
But if they do, anyone can search them by typing number into search bar
Due to a loophole, privacy settings do not apply to the number search
To prove the dangers, an engineer sent millions of randomly-generated numbers into Facebook's API and received millions of data about users
The social network was notified of the issue in April but it remains intact
By Mia De Graaf For Dailymail.com
Published: 11:32 EST, 10 August 2015 | Updated: 12:52 EST, 10 August 2015
Facebook users may want to think twice before putting a phone number on their profile.
The social network encourages anybody who uploads pictures from their mobile to add their number too.
But if they do, anybody can find that person's name, picture and location - regardless of their privacy settings - by typing their number into the search bar.
Underlining the security dangers, a British software engineer has even harvested thousands of data about users, simply by generating random phone numbers.
HOW CYBER CRIMINALS SELL DATA
The cyber criminals’ black market has become even more profitable than the illegal drug trade, according to a report last year by the national security division of RAND Corporation.
Pictures, names, phone numbers, education history, and locations can be sold on a network of illegal trading sites, the report found.
Typically, hackers sell vast quantities of data in bulk for an astonishing profit.
Twitter and Facebook accounts are now more profitable than stolen credit cards, according to the report.
Reza Moaiandin, technical director of Salt.agency, used a coding script to generate every possible number combination in the UK, US and Canada.
He then sent millions of numbers to Facebook's app-building program (API) in bulk. In return, he received millions of unobstructed personal profiles.
Despite notifying Facebook in April, and calling for APIs to be pre-encrypted, the security loophole remains intact, leaving the site's 1.44 billion users open to hacks.
'We do not consider it a security vulnerability, but we do have controls in place to monitor and mitigate abuse,' a Facebook spokesman told Mr Moaiandin, according to his blog.
Mr Moaiandin said in a statement to the Mail: 'With this security loophole, a person with the right knowledge can harvest the non-private details of the users who allow public access to their phone numbers, enabling the harvester to then use or sell on the user details for purposes that the user may not be happy with.'
The cyber criminals’ black market has become even more profitable than the illegal drug trade, according to a report last year by the national security division of RAND Corporation.
Pictures, names, phone numbers, education history, and locations can be sold on a network of illegal trading sites, the report found.
Typically, hackers sell vast quantities of data in bulk for an astonishing profit.
Twitter and Facebook accounts are now more profitable than stolen credit cards, according to the report.
In an email to Daily Mail Online, Facebook defended its security settings, insisting users can adjust their privacy settings to stop people searching their information using a phone number.
The spokesman added that developers using the site's APIs are subject to strict rules, and the firm uses 'rate limits' to prevent abuse of APIs, adding that they have taken action against developers who have abused those policies.
In a full statement, the spokesman said: 'The privacy of people who use Facebook is extremely important to us. We have industry-leading proprietary network monitoring tools constantly running in order to ensure data security and have strict rules that govern how developers are able to use our APIs to build their products. Developers are only able to access information that people have chosen to make public.
'Everyone who uses Facebook has control of the information they share, this includes the information people include within their profile, and who can see this information. Our Privacy Basics tool has a series of helpful guides that explain how people can quickly and easily decide what information they share and who they share it with.'
Offering a more bleak outlook, cyber security expert Justin Cappos, professor in computer science and engineering at NYU's Polytechnic School of Engineering, says it would be surprising if Facebook took action on the matter.
Reza Moaiandin used a script to find all possible number combinations in the US, the UK and Canada before running them in bulk through Facebook's API to receive millions of profiles. This is a grab from his blog
Unlike Apple, which focuses on building products, Facebook is founded on the idea of freely collating and sharing data.
'Their core mission statement is to allow people to go and disseminate information. So it's not surprising that they haven't responded to this,' Professor Cappos told Daily Mail Online.
'A company like Apple has quite a different perspective on who uses its devices. They are not trying to monetize you, they are trying to make really nice devices.
'If you're providing information to an organization like Facebook, they are making many off sharing that information about you.'
Ultimately, he says, the responsibility will always lie with the user.
'I always say only share things on Facebook that you would post publicly. Imagine a jealous ex-lover going and finding your new number or companies using it for marketing purposes. It is all in the open.'
ONE IN EVERY FIVE MINUTES ON SMARTPHONES IS SPENT ON FACEBOOK
Facebook's average users spend around 46 minutes on its smartphone apps a day. It now accounts for a fifth of all smartphone use
If you are looking at your mobile phone, there is a one in five chance you will be checking Facebook.
The social network is now so popular, it accounts for a fifth of the time we spend on our smartphones, with many people logging in dozens of times a day.
The average user spends around 46 minutes a day on Facebook’s apps, excluding its Whatsapp messaging service, helping to drive its popularity to an all time high.
The company, which is worth nearly £170 billion ($264 billion), has also seen a marked growth in user numbers.
It now has almost 1.5 billion users around the world who check their Facebook page at least once a month – the equivalent to the populations of China and Nigeria combined.
That means that half of the three billion people who have access to the internet worldwide, now check the social network on at least monthly basis.
However, many of those are doing so much more frequently than that: around two thirds of users log in on a daily basis, the company said as it announced its quarterly results on Tuesday evening.
The enormous figures helped to drive Facebook’s revenues up by nearly 40 per cent in the three months to the end of June, as it sold more and more advertising to the companies that want to reach its growing pool of users.
However, the company’s share price still dipped as much as 4.8 per cent as low as $92.30 (£59.29) a share, as investors grew anxious about Facebook’s increasing costs.
link
Facebook users are encouraged to add phone number to their profile
But if they do, anyone can search them by typing number into search bar
Due to a loophole, privacy settings do not apply to the number search
To prove the dangers, an engineer sent millions of randomly-generated numbers into Facebook's API and received millions of data about users
The social network was notified of the issue in April but it remains intact
By Mia De Graaf For Dailymail.com
Published: 11:32 EST, 10 August 2015 | Updated: 12:52 EST, 10 August 2015
Facebook users may want to think twice before putting a phone number on their profile.
The social network encourages anybody who uploads pictures from their mobile to add their number too.
But if they do, anybody can find that person's name, picture and location - regardless of their privacy settings - by typing their number into the search bar.
Underlining the security dangers, a British software engineer has even harvested thousands of data about users, simply by generating random phone numbers.
HOW CYBER CRIMINALS SELL DATA
The cyber criminals’ black market has become even more profitable than the illegal drug trade, according to a report last year by the national security division of RAND Corporation.
Pictures, names, phone numbers, education history, and locations can be sold on a network of illegal trading sites, the report found.
Typically, hackers sell vast quantities of data in bulk for an astonishing profit.
Twitter and Facebook accounts are now more profitable than stolen credit cards, according to the report.
Reza Moaiandin, technical director of Salt.agency, used a coding script to generate every possible number combination in the UK, US and Canada.
He then sent millions of numbers to Facebook's app-building program (API) in bulk. In return, he received millions of unobstructed personal profiles.
Despite notifying Facebook in April, and calling for APIs to be pre-encrypted, the security loophole remains intact, leaving the site's 1.44 billion users open to hacks.
'We do not consider it a security vulnerability, but we do have controls in place to monitor and mitigate abuse,' a Facebook spokesman told Mr Moaiandin, according to his blog.
Mr Moaiandin said in a statement to the Mail: 'With this security loophole, a person with the right knowledge can harvest the non-private details of the users who allow public access to their phone numbers, enabling the harvester to then use or sell on the user details for purposes that the user may not be happy with.'
The cyber criminals’ black market has become even more profitable than the illegal drug trade, according to a report last year by the national security division of RAND Corporation.
Pictures, names, phone numbers, education history, and locations can be sold on a network of illegal trading sites, the report found.
Typically, hackers sell vast quantities of data in bulk for an astonishing profit.
Twitter and Facebook accounts are now more profitable than stolen credit cards, according to the report.
In an email to Daily Mail Online, Facebook defended its security settings, insisting users can adjust their privacy settings to stop people searching their information using a phone number.
The spokesman added that developers using the site's APIs are subject to strict rules, and the firm uses 'rate limits' to prevent abuse of APIs, adding that they have taken action against developers who have abused those policies.
In a full statement, the spokesman said: 'The privacy of people who use Facebook is extremely important to us. We have industry-leading proprietary network monitoring tools constantly running in order to ensure data security and have strict rules that govern how developers are able to use our APIs to build their products. Developers are only able to access information that people have chosen to make public.
'Everyone who uses Facebook has control of the information they share, this includes the information people include within their profile, and who can see this information. Our Privacy Basics tool has a series of helpful guides that explain how people can quickly and easily decide what information they share and who they share it with.'
Offering a more bleak outlook, cyber security expert Justin Cappos, professor in computer science and engineering at NYU's Polytechnic School of Engineering, says it would be surprising if Facebook took action on the matter.
Reza Moaiandin used a script to find all possible number combinations in the US, the UK and Canada before running them in bulk through Facebook's API to receive millions of profiles. This is a grab from his blog
Unlike Apple, which focuses on building products, Facebook is founded on the idea of freely collating and sharing data.
'Their core mission statement is to allow people to go and disseminate information. So it's not surprising that they haven't responded to this,' Professor Cappos told Daily Mail Online.
'A company like Apple has quite a different perspective on who uses its devices. They are not trying to monetize you, they are trying to make really nice devices.
'If you're providing information to an organization like Facebook, they are making many off sharing that information about you.'
Ultimately, he says, the responsibility will always lie with the user.
'I always say only share things on Facebook that you would post publicly. Imagine a jealous ex-lover going and finding your new number or companies using it for marketing purposes. It is all in the open.'
ONE IN EVERY FIVE MINUTES ON SMARTPHONES IS SPENT ON FACEBOOK
Facebook's average users spend around 46 minutes on its smartphone apps a day. It now accounts for a fifth of all smartphone use
If you are looking at your mobile phone, there is a one in five chance you will be checking Facebook.
The social network is now so popular, it accounts for a fifth of the time we spend on our smartphones, with many people logging in dozens of times a day.
The average user spends around 46 minutes a day on Facebook’s apps, excluding its Whatsapp messaging service, helping to drive its popularity to an all time high.
The company, which is worth nearly £170 billion ($264 billion), has also seen a marked growth in user numbers.
It now has almost 1.5 billion users around the world who check their Facebook page at least once a month – the equivalent to the populations of China and Nigeria combined.
That means that half of the three billion people who have access to the internet worldwide, now check the social network on at least monthly basis.
However, many of those are doing so much more frequently than that: around two thirds of users log in on a daily basis, the company said as it announced its quarterly results on Tuesday evening.
The enormous figures helped to drive Facebook’s revenues up by nearly 40 per cent in the three months to the end of June, as it sold more and more advertising to the companies that want to reach its growing pool of users.
However, the company’s share price still dipped as much as 4.8 per cent as low as $92.30 (£59.29) a share, as investors grew anxious about Facebook’s increasing costs.
link
