Facebook Hacked: Software Engineer Discovers Flaw, Harvests Public User Data With Algorithm

Don Crothers

Facebook has arguably come under fire for its security practices more than any other website in the history of the internet. As of Q2 2015, the second-most-popular site in the world (according to Alexa) boasted nearly 1.5 billion active accounts: nearly a quarter of the world's population. Now, according to a report from The Guardian, one software engineer has exploited a flaw in Facebook's security and developed a hack to gather thousands of public names, pictures, and locations from Facebook.

"Hacked" is a word that nobody wants to hear associated with Facebook, and it's maybe a bit of an overstatement here. Software engineer Reza Moaiandin, technical director of Leeds-based Salt.agency, took note of a relatively unused Facebook feature that allows users to search for other Facebook users using only their phone number.

Curious about what could be done with this feature, which he discovered "by mistake," Moaiandin wrote up a quick Facebook hacking script using Facebook's API (application programming interface) to quickly generate thousands of possible phone numbers and search for them automatically, essentially using a search algorithm to hack Facebook. The result was thousands of pieces of identifying information gathered very quickly, which he posted about on his company blog, as City A.M. reports.

"By using a script, an entire country's (I tested with the U.S., the U.K. and Canada) possible number combinations can be run through these URLs, and if a number is associated with a Facebook account, it can then be associated with a name and further details."
"If Facebook cares about its community, it should perhaps do more to lead them in the right direction – perhaps ensuring that users have to choose whether they want to make their phone numbers publicly accessible, rather than that being a default."

After submitting the potential hack to Facebook twice privately through its "bug bounty" program, Moaiandin finally decided to test the theory and go public with the results.

"[It's like] walking into a bank, asking for a few thousand customers' personal information based on their account number, and the bank telling you: 'Here are their customer details.'"

High-profile hacks are becoming more common every day; as the Inquisitr recently reported, dating/cheating website Ashley Madison was hacked, potentially exposing the personal details of 37 million users.

Facebook has 1.5 billion. Do you trust them with your data?

[Photo by Sean Gallup/Getty Images]