There is a glitch in the matrix as Facebook has another data vulnerability on its hands. This as a researcher showcased a video to a number of tech publications, of a data scraping tool that is capable of matching email address to Facebook profiles in bulk.
While that alone may not be enough to raise concerns, the serious aspect of this discovery is that the tool can match profiles even if a user has chosen to make their email address private or not visible to the public.
The researcher in question reportedly told Facebook about the vulnerability that this tool is capable of, but as we have seen in the recent incident involving 533 million user accounts earlier this month, the tech giant is seeming unperturbed by this latest finding.
“It appears that we erroneously closed out this bug bounty report before routing to the appropriate team. We appreciate the researcher sharing the information and are taking initial actions to mitigate this issue while we follow up to better understand their findings,” it told Motherboard, one of the publications which was sent the aforementioned video, in a statement.
Unfortunately, Facebook has not disclosed what those initial steps being taken are, so it remains to be seen what will actually be done about a vulnerability that potentially impacts all of its users.
According to Alon Gal, co-founder of cybercrime intelligence firm Hudson Rock, who shared a video of the tool in action, the tool is available to hacking groups currently. They are said to be using it to target Facebook Page and advertising account holders via mail access attacks with the objective of taking over their accounts and holding them ransom.
It is still unclear what will happen as a result of this latest discovery, but in an all too familiar case, Facebook does not appear to be taking this threat to user data as seriously as it should.