Facebook Inc. (NASDAQ:FB) has had well-documented security and privacy issues as it has tried to walk the fine line between keeping the Internet open for collaboration and communication and keeping users' personal data confidential. Based on several reports and investigations in the U.S. and Europe, Facebook Inc. (NASDAQ:FB) seems to be doing better on one side than the other. This might just be a headache for investors in Facebook Inc. (NASDAQ:FB) stock, like billionaire fund manager George Soros of Soros Fund Management.
Recently, another possible privacy and security issue surfaced for Facebook Inc. (NASDAQ:FB) when a “self-proclaimed security enthusiast” found profiles just by using a person’s phone number, supposedly one of the pieces of data that Facebook hides from other users unless the user opts to show it.
The Facebook Inc. (NASDAQ:FB) vulnerability was discovered by Suriya Prakash, who was accessing Facebook from his mobile device and found the flaw through the Web site’s mobile portal rather than its main PC portal. “About a month ago I was just browsing Facebook on my Facebook mobile application and it had an option called ‘Find friends using contacts’ — what it does is that it compares the contact list from your phone to the Facebook (FB) database to see if you have any friends that are in your contacts but not on your Facebook account,” Prakash said. “I also later figured out that simply ‘searching’ a person’s phone number (including country code) will show you their account.”
Being able to enter a random phone number and find the entire profile of a Facebook Inc. (NASDAQ:FB) user is one thing, but Prakash said he was then able to create a script that allowed him to gather a list of personal phone numbers from Facebook’s database. Prakash ran the script for four straight days through Facebook’s mobile site, and it worked every time until Facebook Inc. (NASDAQ:FB) finally caught on and blocked the script.
“Facebook has developed an extensive system for preventing the malicious usage of our search functionality and the scenario described by the researcher was indeed rate-limited and eventually blocked,” said a Facebook Inc. (NASDAQ:FB) spokesperson. “We are constantly updating these systems to improve their effectiveness and address new kinds of attacks.”