Déjà vu as Facebook has another data scraping vulnerability on its hands

Share on facebook
Share on twitter
Share on linkedin
Share on email

There is a glitch in the matrix as Facebook has another data vulnerability on its hands. This as a researcher showcased a video to a number of tech publications, of a data scraping tool that is capable of matching email address to Facebook profiles in bulk.

While that alone may not be enough to raise concerns, the serious aspect of this discovery is that the tool can match profiles even if a user has chosen to make their email address private or not visible to the public.

The researcher in question reportedly told Facebook about the vulnerability that this tool is capable of, but as we have seen in the recent incident involving 533 million user accounts earlier this month, the tech giant is seeming unperturbed by this latest finding.

“It appears that we erroneously closed out this bug bounty report before routing to the appropriate team. We appreciate the researcher sharing the information and are taking initial actions to mitigate this issue while we follow up to better understand their findings,” it told Motherboard, one of the publications which was sent the aforementioned video, in a statement.

Unfortunately, Facebook has not disclosed what those initial steps being taken are, so it remains to be seen what will actually be done about a vulnerability that potentially impacts all of its users.

According to Alon Gal, co-founder of cybercrime intelligence firm Hudson Rock, who shared a video of the tool in action, the tool is available to hacking groups currently. They are said to be using it to target Facebook Page and advertising account holders via mail access attacks with the objective of taking over their accounts and holding them ransom.

It is still unclear what will happen as a result of this latest discovery, but in an all too familiar case, Facebook does not appear to be taking this threat to user data as seriously as it should.

Robin-Leigh Chetty

Robin-Leigh Chetty

When he's not reviewing the latest smartphones, Robin-Leigh is writing about everything tech-related from IoT and smart cities, to 5G and cloud computing. He's also a keen photographer and dabbles in console games.

NEWSLETTER