Brandon Copley, a mobile developer in Dallas, Texas, collected a database of 2.5 million Facebook users’ phone numbers exclusively using the site’s Graph Search function to prove a point to Facebook. He was slapped with a cease-and-desist order from Facebook for his efforts.
On March 5, Copley reported a tip to Facebook pointing out the security flaw in Graph Search. Facebook wrote him back acknowledging the problem, though they said that all they can do to remedy it is to encourage users to strengthen their security settings. He gathered the massive database of numbers as a response to them, using API tokens to perform millions of searches for phone numbers. His account was then banned several times in March and April, and Facebook’s lawyers soon contacted him and demanded that turn over all the information he had gathered, as well as his methods.
“Facebook is denying its users the right to privacy by allowing our phone numbers to be publicly searchable as the default setting,” Copley told Tech Crunch. “This means that anyone with my number knows my Facebook contact information. I may have not told my future employer about my Facebook account, but if I called them on my cell phone they can now know how to find me on Facebook.”
Facebook hasn’t revealed yet if it will pursue litigation against Copley; since all of the information he found was public, they would likely have a tough time forming a case. Even though Copley’s exposure of this issue is troubling, it can hopefully lead to a change for the better in Graph Search’s privacy settings.
BitDefender Safego is a Facebook application you can install that will scan your News Feed and help keep you safe from scams on Facebook.
PRIVATE WiFi® is a Personal VPN that encrypts everything you send and receive. Don’t access Facebook from a public WiFi hotspot without it.
SocialSafe helps you to create your library of you. It’s the safest place for your online life. Downloaded to your computer, auto organised and instantly searchable. Supports most major social networks.