A few days ago, security researcher Suriya Prakash demonstrated that he could collect a large number of usernames and phone numbers from Facebook customers by leveraging a privacy flaw.
Initially, Facebook representatives said there was nothing they could do about it, highlighting the fact that “it’s a feature, not a bug.”
However, after the media picked up Suriya’s findings, they “developed an extensive system” to prevent the misuse of the search functionality.
“Facebook has developed an extensive system for preventing the malicious usage of our search functionality and the scenario described by the researcher was indeed rate-limited and eventually blocked,” the social media company told
The expert has confirmed that a mitigation mechanism has been put in place. The accounts of users who try to look up a wide range of phone numbers are suspended for 24 hours.
“Trying to look up a 10k range no longer works. After a few hundred (at most) you get logged out,” Suriya wrote on his blog.