Facebook had a long way to go from the 2004 college student website to the giant corporation it is today. Even though Mr. Zuckerberg may be quite the brilliant mind, he can’t handle everything by himself: throughout time we, the users, have assisted Facebook in finding minor bugs and other potentially harmful vulnerabilities, contributing to a great extent to the improvement of their social media services. Although no one can deny how much the privacy and security features of Facebook have improved over the last decade or so, there is still some work to do; and most of it is related to protecting it from the constantly increasing security threats. In fact, these threats have become more complex and less easy to be busted, thus putting at risk those who are simply unaware of the severity of the situation.
Good Hackers vs Careless Companies
When it comes to hacking, the majority of people think of dark figures sitting in front of illuminated computer screens, being engaged in mysterious, downright evil activities. True, many hackers choose to follow a dark path and use their computing skills to get large amounts of money, either to annoy you or, in worse cases, to tear a company, even complete governments or countries apart . Fortunately, there are hackers who use these same skills for good and warn people about security flaws in web services, IoT toys etc., ultimately becoming security experts and researchers employed by top-notch enterprises.
Although some people still think that a hacker remains a hacker, the worthiness of the “light side” was proven once again, as Inti De Ceukelaire, a security researcher in Belgium, found a serious privacy flaw in a Facebook search application, which could be used to reveal private phone numbers. The process to acquire one individual’s phone number is rather tricky for less tech-savvy people, but De Ceukelaire explained that through a combination of 3 processes it is possible to accurately find the phone numbers of people using Facebook’s Graph Search. Although this trick only works in countries which have phone numbers with a maximum of 12 digits, the Belgian researcher was actually able to successfully obtain several politicians’ and celebrities’ numbers that were not displayed on their public Facebook pages in the first place.
Facebook was warned about this issue, but the company’s reaction was more than outrageous in what the severity of the situation is concerned: it stated that the problem can be easily solved by changing the privacy features in the “Who can look me up” setting. True, with this setting you can prevent unwanted eyes from spying on you, but the options for showing your phone number are limited to being shown to “Everyone”, “Friends only” or “Friends of friends”. In other words, whether you like it or not, at least one person in your friends list will definitely see your phone number.
Even though Facebook promised that the issue will be fixed in the near future, the company does nothing more than providing the above advice to prevent the abuse of this security flaw at the moment, which left De Ceukelaire more concerned than before.
A Problem for All Big Corporations
An even bigger problem is that Facebook largely underestimates the above privacy flaw, even though it is widely known that the bigger a company is, the larger the target becomes. It doesn’t make sense at first, but once a company the size of Facebook has the power and money to acquire other smaller companies, your data immediately falls into its dirty hands and said company won’t hesitate for a moment to sell the acquired data for marketing purposes. In other words, say hello to good old, awfully annoying targeted ads. For this reason, Facebook is under continuous attacks by various countries, especially those from Europe. Remember, we already discussed WhatsApp’s unauthorized information sharing scandal, which resulted in actions being taken against the company in Germany.
Despite all of the above, big corporations are at least trying to make web surfing more secure. Facebook in particular has been keen on rewarding users who contribute to a safer social network: last October the company paid a Russian web app security researcher a $40,000 bounty for finding a very serious remote code execution bug. Nonetheless, a big problem can start from a small detail and, as this phone number case just showed, there’s constantly the need for improvement.
Best VPN Services of 2018