We use it every day; it is an integral part of our lives, and over more than a decade it has grown to become as important to us as coffee in the morning and brushing our teeth. Can you imagine a world without Facebook?
Neither can we.
But the social media giant has its own vulnerabilities and bugs to contend with, and more than once it has stood on the edge of being compromised and hacked.
One of the vulnerabilities reported looks and feels more like identity theft than deep-dive hacking. The technical director of SALT.agency, Reza Moaiandin, has discovered a flaw in the Facebook API (which developers can access): by running all potential phone number combinations through a script, the API potentially allows access to the rest of a customer's data. Facebook argued that this information may be publicly available anyway, but it does leave a sour taste, and the response Facebook gave did seem a bit blasé.
Identity theft is a serious issue, and in today’s world, an online identity is as good as your ID or Passport or Social Security number. It can literally make or break your real life.
Facebook is keen to offer people who want to point out issues a channel to get in touch, but the blog above sends a very different message about how they potentially deal with security risks that do not appear to be important or threatening enough to Facebook’s own.
And keeping your own account secure is not as easy as you’d hope. Sure, it’s password protected, but that is not enough at all. All you need is three friends of the victim willing to work with you, send a code to them and you’re in. You do not need to be a hacker to do this. Just a really lousy friend.
Keylogging is another method that can be used.
It would go beyond the scope of this blog post to go deeper into the hundreds of thousands of proposed “hacks”, some of which are on a huge scale, like the one SALT.agency reported.
The message to take away is that while sharing is a good thing, and social media is a good thing, and connecting is a good thing… it is not a good thing to do this without caution. Don’t post your phone number on the network, and don’t connect with “friends” you don’t really know. Don’t forget your common sense.