Belgian Hacker: I Can See Your Private Phone Number on Facebook

  • by: Maarten Schenk
  • (Mon, 16 Jan 2017 15:41:09 Z)

Belgian security researcher Inti De Ceukelaire claims he discovered a method to figure out the phone numbers associated with many Facebook accounts, even when these phone numbers are not set to be displayed in public by the account owners. This is not the first time De Ceukelaire discovered a serious privacy leak in Facebook: in the summer of 2016 he found a way to spy on the links being shared by users of the social network site.

During several interviews with Belgian media outlets, De Ceukelaire claimed he discovered a way to abuse a feature that allows people to be looked up by their phone number. Many Facebook accounts can be found by searching for the phone number associated with them (this setting is enabled by default). Doing the reverse is normally not possible, but De Ceukelaire claims he found a way to do it even when those numbers are not set to be displayed in public.

So far De Ceukelaire has not made his method public, in order to give Facebook time to patch this security hole. Facebook, for its part, has already told him it does not consider the issue serious enough to fix. According to Facebook, it would take too many tries to find out any useful information by abusing the search function, and the company is already countering this by rate limiting the number of requests users can make. It would take months to try all phone numbers, according to Facebook. De Ceukelaire says his actual method only takes 30 minutes for a single account.

De Ceukelaire has said in an interview he is planning on releasing the exploit in the wild if Facebook keeps refusing to patch the vulnerability.

Right now there is no 100% certain way to protect yourself from this method, but you can limit the number of people who can use it to find out your number by going into Facebook's privacy settings and changing the option for who can look you up using the phone number you provide to 'Friends' only. That way, if somebody steals your number using this method, at least you'll know it was one of your friends...
