A recently discovered Facebook vulnerability has reportedly exposed the email addresses of millions of users, even those who have their information set to private.
Wired reports that just one month after Facebook’s phone number leak that revealed the personal details of 500 million Facebook users, a new tool has been developed that appears to allow hackers to link Facebook accounts with their associated email addresses.
A video recently posted online demonstrates a tool named Facebook Email Search v1.0 which the developer says could link Facebook accounts to as many as five million email addresses per day.
The researcher, who went public after Mark Zuckerberg’s company allegedly didn’t believe the weakness he found was “important” enough to be fixed, input a list of 65,000 email addresses into the tool and watched as the tool linked the emails to Facebook accounts.
“As you can see from the output log here, I’m getting a significant amount of results from them,” the researcher said. “I’ve spent maybe $10 to buy 200-odd Facebook accounts. And within three minutes, I have managed to do this for 6,000 [email] accounts.”
In a statement, Facebook said: “It appears that we erroneously closed out this bug bounty report before routing to the appropriate team. We appreciate the researcher sharing the information and are taking initial actions to mitigate this issue while we follow up to better understand their findings.”
The researcher said that Facebook Email Search exploited a front-end vulnerability that he reported to Facebook but that “they [Facebook] do not consider to be important enough to be patched.” Facebook had a similar vulnerability earlier this year that was fixed.
“This is essentially the exact same vulnerability,” the researcher said. “And for some reason, despite me demonstrating this to Facebook and making them aware of it, they have told me directly that they will not be taking action against it.”
“I believe this to be quite a dangerous vulnerability, and I would like help in getting this stopped,” the researcher said.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.