Be cautious about giving Facebook your personal information. A hacker has taken advantage of Facebook's Graph Search to compile thousands of Facebook users' phone numbers. This has ignited a privacy row with the social network.
Facebook issued the hacker a cease and desist after he continuously scraped users' data. Brandon Copley, a mobile developer in Dallas, Texas, searched and downloaded 2.5 million phone numbers and contact information of Facebook users with ease. Even though the privacy settings were set to public, this is still considered an invasion of users' privacy. The Facebook row follows the admission of a security breach that exposed users' email and personal contact information.
“Your privacy settings govern who can find you with search using the contact info you have provided, such as your email address and phone number,” the Facebook representative says. “You can modify these settings at any time from the Privacy Settings page.”
Copley confirms that these users have their contact information set to public, but argues that this is still a security issue.
On March 5, Copley reported a tip to Facebook security, writing, “There is a security invulnerability that allows someone to essentially create a database of phone numbers and Facebook users.”
A member of Facebook’s security team wrote back, in an email Copley shared with us, “I agree with you personally. We do have antiscraping protections (ratelimiting, bad ip blocks, etc) but it comes down to people controlling their privacy, we can make the privacy tools available and we can encourage them to use them but we could never just switch their privacy settings for them. So there is not much more we can do”
Copley says Facebook told him the supposed security flaw was a feature of Graph Search.
On April 26, Facebook’s lawyers sent Copley a cease-and-desist letter, stating, “you are unlawfully acquiring Facebook user data. It appears that you are accessing Facebook through automated means and stealing Facebook access tokens in order to scrape data from Facebook’s site without permission.”
So if our information is being taken from Facebook and sold to spam companies, could it be our own fault? There are privacy settings on Facebook that we can modify, and if they are set to public, aren't we allowing everyone to do as they wish with our information? Maybe if the default setting on Facebook were private rather than public, this issue wouldn't be so prevalent.
The moral of the story is to double-check your privacy settings before you become a victim of identity theft.
Privacy Setting Tips
- Organize your friend list - organize your friends into family, friends, co-workers, and separate groups.
- Make it private - go to your privacy settings page and click on "edit settings". Change "everyone" to either "friends of friends" or "friends".
- Hide from the search engines - in your "edit settings", edit "public search" to keep yourself from being searched by others.
- Hide your posts - decide to make the posts on your timeline private.
- Personalize - turn off instant personalization for partnering sites.
- Don't trust anyone - limit your friends' access to your personal information by editing "how people bring info to apps they use".
TechCrunch-Hacker Scrapes Thousands Of Public Phone Numbers Using Facebook Graph Search
Published June 24, 2013
WeLiveSecurity-Facebook privacy row as hacker uses Graph Search to list thousands of phone numbers
Published June 25, 2013