Tech News: Research shows how a tool can link millions of email addresses to Facebook profiles.
Facebook he has another privacy issue on his hands. A security researcher shared a video with Vice, Ars Technica and others showing how a tool can match email addresses Facebook bulk profiles, even if users have chosen to keep their email information hidden from the public. According to the original source, they reported the front-end vulnerability that the tool abuses Facebook, but apparently he was told that the company would not take any action against it.
In a statement sent to the newspapers, the social network said it “was inadvertently shut down [the] bug bounty report [for the vulnerability] before forwarding it to the appropriate team. “It is now taking” the first steps to mitigate this problem. “
Alon Gal, the co-founder of the Hudson Rock cybercrime intelligence company, tweeted about the tool along with a copy of the video. Technologist Ashkan Soltani also tweeted a transcript of the original video, in which the source talked about how they were able to use the tool to match 5 million addresses with Facebook accounts within one day. They also said the tool is available from hacking groups and that attackers use it to target the owners of advertising pages and accounts with mail access attacks with the aim of detecting their pages and accounts for monetary gain.
Below is the transcript from a video that the researcher shared to demonstrate the attack (he asked to remain anonymous).
It claims that automated software is available in the hacker community to exploit this vulnerability which is used to compromise FB advertiser accounts.
More details to come pic.twitter.com/3P7rc6VyIB
– ashkan soltani (@ ashk4n) April 20, 2021
Facebook he did not say what he has already done to prevent the tool from exploit the vulnerability. Hopefully, it has taken the necessary steps to correct the flaw, because according to the source, there is a large-scale campaign to create a huge database for malicious purposes. The database, once completed, will be filled with the e-mail data collected with this tool and with the personal data of the 533 million Facebook members affected by a breach revealed last month.