A security researcher is threatening to go public with a ‘privacy leak’ that Facebook thinks of as a feature instead of a flaw.
It’s been known for years that anyone can find out your phone number if you gave it to Facebook and didn’t lock down your privacy settings, but a security researcher has claimed there is a way to find phone numbers which are not set to “public” on Facebook accounts.
Belgian security researcher Inti De Ceukelaire said he discovered he could exploit Facebook in order to get hold of cell phone numbers which are not supposed to be publicly visible.
Please keep in mind that most of this news required using translations to read it in English and that can mangle quotes. De Ceukelaire said he was able to “identify the mobile phone numbers of top politicians and Flemish celebrities through their Facebook profile. This involved numbers associated with that profile, but normally not visible publicly.” To prove his point, he pulled up the phone number of Belgium’s Interior Minister Jan Jambon via his Facebook profile and then did the same thing for other politicians and celebrities.
“For clarity, I could find out his number on his account not vice versa,” he said according to a Google-translated version. The following translation is even more confusing. “Roughly, I think you get the number 20 percent of the Flemish people can find that way. Of all the people who have their mobile number linked to their profile goes to the 80 percent.” That likely didn’t clear up any already murky understanding of the problem.
He “warned” Facebook twice about the security issue, saying he will go public with it if Facebook doesn’t make changes. But to Facebook’s way of thinking, this is not a flaw but a feature. Facebook directed him to documentation about how to control who can search for you via your phone number or email address. Yet De Ceukelaire claims it is a serious privacy leak, being that phone numbers which are not set to be displayed by the public can be found.
De Ceukelaire has already reported the problem to the police and is giving Facebook another chance to fix the problem before he goes public.