Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Facebook Privacy Security Your Rights Online

Facebook Confirms Data Breach 155

Posted by timothy
from the you-like-this dept.
another random user writes "A researcher by the name of Suriya Prakash has claimed that the majority of phone numbers on Facebook are not safe. It's not clear where he got his numbers from (he says 98 percent, while another time he says 500 million out of Facebook's 600 million mobile users), but his demonstration certainly showed he could collect countless phone numbers and their corresponding Facebook names with very little effort. Facebook has confirmed that it limited Prakash's activity but it's unclear how long it took to do so. Prakash disagrees with when Facebook says his activity was curtailed." Update: 10/11 17:47 GMT by T : Fred Wolens of Facebook says this isn't an exploit at all, writing "The ability to search for a person by phone number is intentional behavior and not a bug in Facebook. By default, your privacy settings allow everyone to find you with search and friend finder using the contact info you have provided, such as your email address and phone number. You can modify these settings at any time from the Privacy Settings page. Facebook has developed an extensive system for preventing the malicious usage of our search functionality and the scenario described by the researcher was indeed rate-limited and eventually blocked." Update: 10/11 20:25 GMT by T : Suriya Prakash writes with one more note: "Yes, it is a feature of FB and not a bug.but FB never managed to block me; the vul was in m.facebook.com. Read my original post. Many other security researchers also confirmed the existence of this bug; FB did not fix it until all the media coverage." Some of the issue is no doubt semantic; if you have a Facebook account that shows your number, though, you can decide how much you care about the degree to which the data is visible or findable.
This discussion has been archived. No new comments can be posted.

Facebook Confirms Data Breach

Comments Filter:
  • by Minwee (522556) <dcr@neverwhen.org> on Thursday October 11, 2012 @09:01AM (#41618837) Homepage
    It's a good thing there are no phone books on the Internet [whitepages.com], isn't it?
  • by bdwoolman (561635) on Thursday October 11, 2012 @09:26AM (#41619083) Homepage

    I grudgingly use Facebook (Forcebook, Farcebook, Facebroke, Facebork) because so many of my real friends from overseas postings here and there can be found on it. They move around, too, and, well, it just makes sense.. My Android phone just offered me the opportunity to install the FB app when I checked an email message from Facebook -- A friend request from a German pal of mine from my days in Armenia (See?) He's in Uraguay it seems. Well, when I was ready to do the install I read the permissions list.Holy privacy invasion, Batman! It was going to do all the crap I painstakingly don't let the creepy site do on my web browser (it is a battle). And then it was going track my location to boot.

    Bondsbw, you so gave them permission to have your phone when you installed that app. Moreover, you also gave them permission to marry your firstborn child off to the evil sorcerer Zuck when he or she comes of age. (The sorcerer swings both ways.) Oh, I forgot F*ckedbook.

  • by Picass0 (147474) on Thursday October 11, 2012 @09:58AM (#41619421) Homepage Journal

    I hope I don't sound trollish, but it is ultimate your responsibility to safegaurd information you don't want passed around. Reliance on Facebook to safegaurd your stuff implies they care about a few phone numbers, or private photos, or whatever. They don't. They'll write some form letter to everyone and apologize and then go back to fretting about their stock price.

    At Facebook you the product for sale. As long as you keep coming back they don't have a problem.

  • by sootman (158191) on Thursday October 11, 2012 @12:24PM (#41620789) Homepage Journal

    Businessweek: What's possible at a billion-plus users that wasn't possible at, say, 500 million?

    Mark Zuckerberg: There are two ways that I look at this. There's what we can build internally and then there's what can be built externally using Facebook. I'll start with the external stuff... when we were at half a billion people, you got these large-scale services like Skype or Netflix (NFLX) that also had big user bases. And we weren't yet at the point where the majority of their users were Facebook users, so they couldn't really rely on us as a piece of critical infrastructure for registration. A lot of startups did, but the bigger companies couldn't. Now really everyone can start to rely on us as infrastructure.

    http://www.businessweek.com/printer/articles/74456-facebooks-next-billion-a-q-and-a-with-mark-zuckerberg [businessweek.com]

    The problem isn't that the data exists. (As others are pointing out with phonebook analogies.) The problem is that the data--your data--isn't safe. Not that it's totally safe anywhere, but FB seems to have had more than their share of problems.

  • Its me :P (Score:0, Informative)

    by Anonymous Coward on Thursday October 11, 2012 @12:40PM (#41620977)

    Somebody told me many people are commenting here :P .. Guys any technical questions and any comments can be made here :P and I would relpy directly

    -- Suriya Prakash

    I know how trolls are gonna get mad saying this is fake ... soooo here---> https://twitter.com/SuriyaMe/status/256448898258833408

"If truth is beauty, how come no one has their hair done in the library?" -- Lily Tomlin

Working...