[Privacy Alert] Make Sure Your Mobile Phone Number is Private on Facebook

A UK software developer discovered an enormous loophole in Facebook’s defenses that allowed him to obtain users’ names, profile pictures, locations and more just by guessing their mobile numbers. How did he uncover so much private information? Easy: Facebook Graph Search.

You may not know it, but your default “who can find me?” search setting is “Everyone/Public.” That means any user could find you via your information—including your mobile phone number. So the software developer who discovered the weakness, Reza Moaiandin, generated tens of thousands of mobile numbers using an algorithm and sent them to Facebook’s API tool for app developers. Facebook then sent him back tons of user profiles corresponding to the numbers he’d generated.

Moaiandin notified Facebook about the loophole using its bug bounty program, but the site told him that the bug does not represent a major security vulnerability. However, some experts disagreed, and have called on Facebook to update its users’ default settings.

“They should be attempting to prevent the widescale hoovering up of data, and I’m disappointed to hear that they appear to have failed on this occasion,” Graham Cluley, a computer security analyst, told The Guardian. “If Facebook cares about its community, it should perhaps do more to lead them in the right direction—perhaps ensuring that users have to choose whether they want to make their phone numbers publicly accessible, rather than that being a default.”
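Bulk harvesting of the kind described above shows up on the service side as one API client looking up far more distinct phone numbers than ordinary use would need. The sketch below is an added example, not Facebook's code and not part of the original article; the log format, client ids, window and threshold are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque


def make_sample_log():
    """Constructed lookup log: (epoch_seconds, client_id, number_queried, matched_profile)."""
    log = []
    # Hypothetical client "app-17": one generated number per second for five minutes.
    for i in range(300):
        log.append((1000 + i, "app-17", f"+447700900{i:03d}", i % 3 == 0))
    # Hypothetical client "app-02": a handful of lookups spread across an hour.
    for i, ts in enumerate(range(1000, 4600, 600)):
        log.append((ts, "app-02", f"+4477009009{i:02d}", True))
    return sorted(log)


def find_enumerators(log, window=60, max_distinct=30):
    """Return {client_id: peak count of distinct numbers looked up inside any
    `window`-second span} for clients whose peak exceeds `max_distinct`.
    `log` must be ordered by timestamp."""
    recent = defaultdict(deque)                     # client -> (ts, number) still in window
    counts = defaultdict(lambda: defaultdict(int))  # client -> number -> lookups in window
    peak = defaultdict(int)
    for ts, client, number, _matched in log:
        queue, seen = recent[client], counts[client]
        queue.append((ts, number))
        seen[number] += 1
        # Expire lookups that have fallen out of the sliding window.
        while queue and queue[0][0] <= ts - window:
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        # Repeated lookups of the same number count once, so retries do not trip the alarm.
        peak[client] = max(peak[client], len(seen))
    return {client: p for client, p in peak.items() if p > max_distinct}


if __name__ == "__main__":
    for client, p in find_enumerators(make_sample_log()).items():
        print(f"{client}: {p} distinct numbers looked up within 60 seconds")
```

A client flagged this way can be throttled or reviewed before it has collected profiles for thousands of numbers.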

To set your mobile number to ‘Only Me,’ follow the directions below:

  1. Click on your name in the top right corner
  2. Click the ‘About’ tab located below your Cover Photo
  3. Hover your mouse over your contact information and an edit link will appear
  4. Hover your mouse over the phone number and the audience selector will appear
  5. Set your mobile number to Only Me
  6. Share the alert with your friends
