Earlier this month, someone released a data set of 530 million Facebook users’ personal information on hacker forums. The company subsequently admitted that there was this data leak, but said it would not notify users affected by the vulnerability.
Although Facebook said it had fixed a vulnerability that allowed hackers to scrape data from the social platform, a security researcher discovered another vulnerability. This vulnerability allows hackers to scrape email addresses from Facebook.
In a video shared with Motherboard, the person pointed out that if users set their privacy to something other than “Only Me”, then the tool used to exploit the vulnerability can scrape email addresses. In addition, the person also pointed out that the vulnerability has been reported to Facebook, but they have not fixed it.
Join Our RealMi Central Channel On Telegram
In response, Facebook tried to position it as a minor incident and admitted that the vulnerability has not been fixed:
It seems that we closed the bug bounty report by mistake before forwarding it to the relevant team. We thank the researchers for sharing information and are taking initial actions to alleviate this problem, and we are also following up to better understand their findings.
Alon Gal, a security researcher and CTO of cybersecurity intelligence company Hudson Rock, shared more information about the vulnerability, including a proof-of-concept video showing how to extract a user’s email address from Facebook.
If you like our news and you want to see such news even further, then follow RealMi Central on Telegram (RealMi Central, Xiaomi, Apple, Realme, RMC Gaming, Samsung, Microsoft, OnePlus, Huawei/Honor, Android 12), Twitter, Facebook (Page) (Group) & Instagram.