Sign up to our newsletter
The latest security news direct to your inbox
A hacker has used Facebook’s new Graph Search to compile a database of telephone numbers for thousands of site users – and ignited a privacy row with the social network.
Facebook has issued Brandon Copley, a mobile developer in Dallas, Texas, with a cease and desist order, according to a report by Techcrunch. Copley argues that the easy availability of the information invades users’ privacy. Copley used Facebook’s new Graph Search function to “match” users against a list of 2.5 million phone numbers he downloaded from the social network.
The row follows Facebook’s admission of a security breach which exposed details such as emails and phone numbers for six million site users for up to a year.
“Facebook is denying its users the right to privacy by allowing our phone numbers to be publicly searchable as the default setting,” Copley told TechCrunch in an interview.
“This means that anyone with my number knows my Facebook contact information. I may have not told my future employer about my Facebook account, but if I called them on my cell phone they can now know how to find me on Facebook.”
Copley reported the issue to Facebook earlier this year, saying, “There is a security vulnerability that allows someone to essentially create a database of phone numbers and Facebook users.”
Copley since claims his account has been banned, and he received a letter from Facebook’s lawyers saying, “you are unlawfully acquiring Facebook user data. It appears that you are accessing Facebook through automated means and stealing Facebook access tokens in order to scrape data from Facebook’s site without permission.” The legal letters demanded copies of Copley’s data.
“Your Facebook privacy settings govern who can find you with search using the contact info you have provided, such as your email address and phone number,” said a Facebook representative. “You can modify these settings at any time from the Privacy Settings page.”
Facebook says, “Graph Search does not reveal any new information about you or change any of your existing Facebook privacy settings. Search results follow privacy settings, set by the owner of the content. For example, you can control what you share on your timeline, and who you share info with.”
Author Rob Waugh, We Live Security