Facebook has dismissed new reports that the social network has a gaping security hole that allows hackers to steal the personal information of thousands of users just by plugging in their phone numbers.

The social network says it does not consider the problem a "security vulnerability" and has protections in place to keep people's private information away from the prying eyes of the black market, but the software developer who discovered the hole says he is worried that unscrupulous individuals could abuse the system to get their hands on people's private data.

Reza Moaiandin of Leeds-based Salt Agency says he contacted Facebook to inform it of a loophole that can be exploited to gain access to people's personal information just by knowing their phone numbers.

Simply by using a script, Moaiandin says he could generate all the possible phone number combinations in the United States, United Kingdom and Canada. He then sent these phone numbers to Facebook's application programming interface, which returned all the information included in the profiles of the people associated with these phone numbers.

By default, every Facebook user with a phone number has the "Who can find me?" feature set to everybody. This means anybody with a user's phone number can easily find that user's information on Facebook, even if the phone number is not shared with the public.

Moaiandin admits the information he received is publicly available, but says the loophole is very easily open to abuse by people with harmful motives. In an interview with The Guardian, he likens the loophole to approaching a bank teller and asking for all the information about the bank's customers simply by giving random account numbers, with the teller agreeing and handing over all the details.

"This could be a huge phishing problem if no limit is created, and the loophole is discovered by the wrong person," he said. "The communication with those APIs needs to be pre-encrypted and/or other measures need to be taken before this loophole is discovered by someone who could do harm."

Because the information affected can be publicly accessed, Facebook does not deem it a security issue and points out that users can control who can look them up using their phone numbers.

"The privacy of people who use Facebook is extremely important to us," said a Facebook spokesperson. "Everyone who uses Facebook has control of the information they share, including information on their profile and who can look them up by phone number."

Users who want to change their "Who can look me up?" settings can go to Settings, Privacy and "Who can look you up using the phone number you provided?" They can then click on Edit and select Friends. This should keep their phone numbers unavailable for other people to use to look them up.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.