Facebook Develops “Extensive System” to Fix Phone Number Leakage Issue

The accounts of users who attempt to exploit the search functionality are suspended

By on October 11th, 2012 08:24 GMT

A few days ago, security researcher Suriya Prakash demonstrated that he could collect a large number of usernames and phone numbers from Facebook customers by leveraging a privacy flaw.

Initially Facebook representatives said there was nothing they could do about it, highlighting the fact that “it’s a feature, not a bug.”

However, after the media picked up Suriya’s findings they “developed an extensive system” to prevent the misuse of the search functionality.

“Facebook has developed an extensive system for preventing the malicious usage of our search functionality and the scenario described by the researcher was indeed rate-limited and eventually blocked,” the social media company told TheNextWeb.

The expert has confirmed that a mitigation mechanism has been set in place. The accounts of users who try to look up a wide range of phone numbers are suspended for 24 hours.

“Trying to lookup a 10k range no longer works. After a few hundred (at most) you get logged out,” Suriya wrote on his blog.
Facebook prevents abuse of the phone number search functionality
   Facebook prevents abuse of the phone number search functionality
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments