October 14, 2012 by NewsReputation
— The Next Web (@TheNextWeb) October 10, 2012
Extracts of the news
On Friday, a researcher by the name of Suriya Prakash claimed that the majority of phone numbers on Facebook are not safe. It’s not clear where he got his numbers from (he says 98 percent, while another time he says 500 million out of Facebook’s 600 million mobile users), but his demonstration certainly showed he could collect countless phone numbers and their corresponding Facebook names with very little effort.
Facebook has confirmed that it limited Prakash’s activity, but it’s unclear how long it took to do so. Prakash disputes Facebook’s account of when his activity was curtailed.
Let’s rewind a bit. Prakash explains how he stumbled on the idea for his exploit back in September:
About a month ago I was just browsing FB on my FB mobile application and it had an option called “Find friends using contacts”, what it does is that it compares the contact list from your phone to the FB database to see if you have any friends that are in your contacts but not on your Facebook account. I also later figured out that simply “searching” a person’s phone number (including country code) will show you their account.
In other words, all you have to do is pick a random phone number, search for it on Facebook, and if the owner allows you to (and Prakash argues that most people do because Facebook’s privacy settings are confusing), you’ll see their profile, which typically includes at least their name and profile picture, if not more information. If you write code to automate the task, as Prakash did, you can create a phone book of everyone who lets you look them up on the social network with just a phone number.
I asked Facebook to confirm that it had a working limiting system before this script came to light. “Yes, there were limits in place, and we subsequently made them more sensitive,” a Facebook spokesperson confirmed with The Next Web.
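As an added illustration (not code from the article or from Facebook), here is one way a service could limit phone-number lookups per account: a sliding-window cap on the number of distinct numbers searched. The class name, thresholds, account names and sample events are assumptions constructed for this example.

```python
import re
from collections import defaultdict, deque

def normalize(number):
    """Reduce a phone number to digits so formatting variants count once."""
    return re.sub(r"\D", "", number)

class LookupLimiter:
    """Cap the distinct phone numbers one account may search per time window."""

    def __init__(self, window_s=3600, max_distinct=20):
        self.window_s = window_s
        self.max_distinct = max_distinct
        self._events = defaultdict(deque)                     # account -> (ts, number)
        self._counts = defaultdict(lambda: defaultdict(int))  # account -> number -> hits

    def allow(self, account, number, ts):
        number = normalize(number)
        q, counts = self._events[account], self._counts[account]
        # Drop lookups that have aged out of the window.
        while q and q[0][0] <= ts - self.window_s:
            _, old = q.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        # Repeat searches for a number already seen are not penalised;
        # only a new distinct number beyond the cap is refused.
        if number not in counts and len(counts) >= self.max_distinct:
            return False
        q.append((ts, number))
        counts[number] += 1
        return True

def replay(events, limiter):
    """Feed (ts, account, number) events through the limiter; count refusals."""
    blocked = defaultdict(int)
    for ts, account, number in sorted(events):
        if not limiter.allow(account, number, ts):
            blocked[account] += 1
    return dict(blocked)

# Constructed sample: one account walks 25 consecutive numbers in 25 seconds,
# another searches two people, one of them twice with different formatting.
SAMPLE_EVENTS = [(i, "acct_scripted", f"+1555010{i:04d}") for i in range(25)] + [
    (10, "acct_normal", "+15550100001"),
    (500, "acct_normal", "+1 (555) 010-0001"),
    (900, "acct_normal", "+15550107777"),
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, LookupLimiter()))
```

Making such a limit "more sensitive" corresponds to lowering `max_distinct` or lengthening `window_s`; a per-account cap alone does not cover lookups spread across many accounts.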
While Facebook and Suriya disagree on when he started getting blocked, at least they agree that he was eventually limited. As for what the script was exploiting, Facebook gives this explanation:
The ability to search for a person by phone number is intentional behavior and not a bug in Facebook. By default, your privacy settings allow everyone to find you with search and friend finder using the contact info you have provided, such as your email address and phone number. You can modify these settings at any time from the Privacy Settings page.
We’re writing up a quick guide explaining how to protect yourself from having your phone number collected from your Facebook profile and we will update you when it’s live.