
There's a hole in Facebook's security that leaves you open to attackers

But you can fix it pretty easily.

Image: Dominic Lipinski/Press Association Images

FACEBOOK HAS A security flaw which would allow someone to access all your personal data just by guessing your mobile number.

The exploit, which would expose data like your name, location and images, was discovered by Reza Moaiandin, the technical director at SEO company Salt Agency, by accident.

While most of this data is publicly available, the concern is that it could be combined with other data, revealing more about the user, and then sold off.

So what’s the issue?

The issue is down to Facebook allowing you to search for anyone by putting their phone number into a search box.

If someone had knowledge of how the exploit worked, they could set up a script to automatically put in all possible number combinations, and discover each user’s Facebook user ID.

Those user IDs can then be placed in Facebook’s GraphQL, which Facebook uses to organise its data, to bring up all the information the site has on these users.

The information in question is usually available to the public, but Moaiandin’s fear is that by collecting all of this data on a large scale, it could easily be combined with other stolen data, revealing more about the user, before it’s sold on.

Is Facebook doing anything about this?

Moaiandin contacted Facebook about the flaw back in April and while he received a reply, the engineer he was in contact with was unable to reproduce the issue. After a few months had passed and Facebook didn’t consider it a security vulnerability, he decided to make it public as a way to catch Facebook’s attention.

He believes that Facebook can fix the problem by limiting the requests from a single user, and detecting patterns, as well as pre-encrypting all of its data.
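
As an added example (not code from the article, from Moaiandin or from Facebook), this is one way the request limiting and pattern detection he suggests could look on the server side. The thresholds, the names LookupGuard and review, and the sample phone numbers are assumptions made up for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; a real service would tune these.
WINDOW_SECONDS = 60   # sliding window per account
MAX_LOOKUPS = 5       # phone-number searches allowed per window
SEQ_RUN = 4           # consecutive numbers in a row that look scripted


class LookupGuard:
    """Per-account throttle plus a check for sequential number sweeps."""

    def __init__(self):
        self.history = defaultdict(deque)  # account -> (timestamp, number)

    def check(self, account, number, now):
        """Return 'allow', 'throttle' or 'flag' for one phone-number search."""
        events = self.history[account]
        # Forget searches that have aged out of the window.
        while events and now - events[0][0] > WINDOW_SECONDS:
            events.popleft()
        # Blocked searches are recorded too, so constant retries stay blocked.
        events.append((now, int(number)))
        if self._trailing_run(events) >= SEQ_RUN:
            return "flag"      # pattern detection: number, number+1, ...
        if len(events) > MAX_LOOKUPS:
            return "throttle"  # request limiting
        return "allow"

    @staticmethod
    def _trailing_run(events):
        """Length of the latest run where each number is the previous plus 1."""
        nums = [n for _, n in events]
        run = 1
        for prev, cur in zip(reversed(nums[:-1]), reversed(nums[1:])):
            if cur - prev != 1:
                break
            run += 1
        return run


# Constructed sample log: (account, searched number, seconds elapsed).
SAMPLE = [
    ("user_a", "0855550142", 0), ("user_a", "0855550977", 30),
    ("user_b", "0855550001", 1), ("user_b", "0855550002", 2),
    ("user_b", "0855550003", 3), ("user_b", "0855550004", 4),
]


def review(sample):
    """Run every logged search through one guard and return the decisions."""
    guard = LookupGuard()
    return [(acct, guard.check(acct, num, t)) for acct, num, t in sample]
```

In the constructed log, the account that looks up two unrelated numbers is allowed both times, while the account stepping through consecutive numbers is flagged on its fourth search.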

So how can I protect myself?

If you go into settings, and then privacy, you will be presented with a subheading saying ‘Who can look me up?’. Go into the section concerning your phone number and change your status from ‘Everyone’ to ‘Friends’ if it’s not already changed.

About the author:

Quinton O'Reilly