Facebook 'dangerous vulnerability' exposes millions of email addresses

Posted:
in General Discussion edited April 2021
After the company allegedly dismissed the exploit, a security researcher highlighted a Facebook vulnerability exposing millions of user email addresses.

A Facebook vulnerability, which the company allegedly dismissed as not important enough to fix, leaks user email addresses
A Facebook vulnerability, which the company allegedly dismissed as not important enough to fix, leaks user email addresses


The anonymous researcher created a video demonstrating a tool that can link Facebook accounts to their email addresses. The tool can process up to five million email addresses per day.

The security expert said they reported the bug to Facebook before going public. They made the Facebook Email Search v1.0 tool and posted the video after the social giant allegedly told them it didn't think the exploit was "important" enough to be fixed. The tool exploited a front-end vulnerability.

In an email about the leak that Facebook accidentally sent to Dutch publication DataNews, the firm instructed public relations staff to "frame this as a broad industry issue and normalize the fact that this activity happens regularly."

Responding to Ars Technica, who viewed the video, a Facebook spokesperson said, "It appears that we erroneously closed out this bug bounty report before routing to the appropriate team. We appreciate the researcher sharing the information and are taking initial actions to mitigate this issue while we follow up to better understand their findings."

In an email accidentally sent to a Dutch publication, Facebook instructed PR reps to downplay the incident
In an email accidentally sent to a Dutch publication, Facebook instructed PR reps to downplay the incident


Facebook didn't respond to Ars' question about whether the company had told the researcher initially that the vulnerability wasn't important enough to fix.

This "mega-leak" comes a month after a dump of phone numbers belonging to 500 million Facebook users. Facebook has 2.8 billion monthly active users, including many using the iOS app on iPhones and iPads.

It's currently unknown whether any malicious actors used the bug to build a database of Facebook users' email addresses. "I believe this to be quite a dangerous vulnerability," said the researcher, "and I would like help in getting this stopped."

Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.

Comments

  • Reply 1 of 7
    kkqd1337kkqd1337 Posts: 468member
    i think Facebook seriously needs breaking up
    pulseimagespsliceh4y3sNoFliesOnMebluefire1StrangeDaysviclauyycwatto_cobra
  • Reply 2 of 7
    haywoodhaywood Posts: 18member
    So glad I dumped that cesspool of an app years ago.  I don’t understand why people put up with their data getting leaked all the time and continue to support the platform. Lemmings. 
    iqatedowatto_cobra
  • Reply 3 of 7
    haywood said:
    So glad I dumped that cesspool of an app years ago.  I don’t understand why people put up with their data getting leaked all the time and continue to support the platform. Lemmings. 
    I keep going back simply because I was missing out on invites to stuff and these invites weren’t being sent out via email either.
  • Reply 4 of 7
    peterhartpeterhart Posts: 162member
    In the past few months, random spam texts have been coming to my phone number. I do not want to change it as it is tied to many accounts, bills, and activities. I sometimes wonder where it stemmed from and reading articles such as this only strengthen the argument to quit social media applications. 
    CluntBaby92watto_cobra
  • Reply 5 of 7
    Scumbags. 
    watto_cobra
  • Reply 6 of 7
    StrangeDaysStrangeDays Posts: 13,101member
    In an email about the leak that Facebook accidentally sent to Dutch publication DataNews, the firm instructed public relations staff to "frame this as a broad industry issue and normalize the fact that this activity happens regularly."

    ....wow. that says it all, really. what scumbags
    watto_cobra
  • Reply 7 of 7
    Made the decision not to use Facebook in 2007, and became 100% convinced when Microsoft purchased 1,6% for USD 240 mill same year, and the value of each user became known. It was just no way there could be any privacy with those figures in mind.
Sign In or Register to comment.