Facebook might be a free platform, but there is a hidden cost for users: personal information. Indeed, the company says that by providing it with your email address and phone number, you can ensure your account’s security. But a recently-exposed flaw shows that wasn’t exactly the case.
A team of security researchers recently discovered a bug on Facebook that could’ve allowed advertisers to obtain users’ phone numbers by using the site’s self-service ad targeting tools. The flaw made it possible for advertisers to get phone numbers by using a person’s email address, or by seeing if they visited a particular web page. Thankfully, Facebook fixed the problem on December 22, and said there’s no evidence that the flaw was exploited. However, experts think there could be more bugs like it lurking in Facebook’s code.
“If I had to bet on it I would think there are other bugs in there,” Krishna Gummadi, a security researcher who worked on the problem, told WIRED. “Facebook has data on a lot of people and is making this data accessible to advertisers through some very feature rich interfaces.”