Facebook has a loophole and you need to fix it


Reza Moaiandin, a technical director, found a security loophole on Facebook by mistake. If you search for someone’s phone number on Facebook, you can see his or her profile. According to him, this is very worrying, and he explained it quite well. Apparently hackers can obtain Facebook user IDs in bulk by using Facebook’s APIs. Using a script, a hacker can discover Facebook accounts by running through the possible number combinations of, let’s say, a whole country and sorting out the ones that are tied to a Facebook account.

The associated number will give extra information about the account, like images and so on.


According to him, this issue affects all Facebook users, since such phishing tactics would mean hackers could access your identity on Facebook and sell it on the black market. He apparently alerted Facebook in April this year, but the person who replied did not get the same results.

courtesy: Reza Moaiandin

I was curious to see if this is true so I searched my phone number on Facebook and it displayed my profile. I also searched a friend’s phone number and the profile was shown. Fortunately, there is a simple fix any Facebook user can undertake to prevent this by going to Settings > Privacy > Who can contact me > Who can look me up > Who can look you up using the phone number you provided > Set it to Friends.

Reza told Digital Trends that “if you follow the steps outlined below from either a desktop or a smartphone, your phone number will not be visible to hackers trying to use a script, or any random person who happens to enter it in the Facebook search field.” He also advised Facebook that it can fix the problem by “limiting the requests from a single user and detecting patterns before moving onto pre-encrypting all of its data.”
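A server-side sketch of the first two parts of that advice, added here as an example that is not Facebook's code or part of the original article: a per-user sliding-window limit on phone-number lookups combined with a check for runs of consecutive numbers. The class name, thresholds and sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60     # assumed sliding window length
MAX_LOOKUPS = 5         # assumed per-user lookup budget inside one window
MAX_SEQUENTIAL_RUN = 3  # assumed: this many consecutive numbers in a row looks scripted

class LookupGuard:
    """Gate for a hypothetical phone-number lookup endpoint."""

    def __init__(self):
        self.history = defaultdict(deque)  # user_id -> (timestamp, number) pairs
        self.blocked = set()               # users flagged for enumeration

    def check(self, user_id, phone, now):
        """Return 'allow', 'rate_limited', 'blocked_enumeration' or 'invalid'."""
        if user_id in self.blocked:
            return "blocked_enumeration"
        digits = "".join(ch for ch in phone if ch.isdigit())
        if not digits:
            return "invalid"
        events = self.history[user_id]
        while events and now - events[0][0] >= WINDOW_SECONDS:
            events.popleft()               # forget lookups older than the window
        if len(events) >= MAX_LOOKUPS:
            return "rate_limited"
        events.append((now, int(digits)))
        # Pattern check: length of the trailing run of numbers that differ by 1.
        nums = [n for _, n in events]
        run = 1
        for i in range(len(nums) - 1, 0, -1):
            if abs(nums[i] - nums[i - 1]) != 1:
                break
            run += 1
        if run >= MAX_SEQUENTIAL_RUN:
            self.blocked.add(user_id)
            return "blocked_enumeration"
        return "allow"

# Constructed sample traffic: (user_id, seconds, number searched).
SAMPLE = (
    [("alice", 0, "+44 7700 900123"), ("alice", 30, "+44 7700 900456")]
    + [("script", t, f"+44 7700 90000{t}") for t in range(4)]
    + [("bulk", t, f"+44 7700 900{n}") for t, n in enumerate([812, 145, 677, 390, 528, 903])]
    + [("bulk", 100, "+44 7700 900234")]
)

def replay(events):
    guard = LookupGuard()
    return [(user, guard.check(user, phone, now)) for user, now, phone in events]
```

In the replay, the occasional searcher is never limited, the consecutive-number client is flagged on its third lookup, and the high-volume client is throttled until its window expires.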

Source: Salt Agency Blog