Do you have your phone number listed on Facebook? If so, then you might want to think again: a recent study shows that someone can learn a lot about you simply by typing your phone number into Facebook.
Facebook has always encouraged users to add their phone numbers to their profile. But after doing that, anyone can find you by typing your phone number into the search bar.
To prove that point, an engineer sent millions of randomly-generated numbers into Facebook’s API and received personal data from millions of users.
That engineer is named Reza Moaiandin and he is the technical director of Salt.agency, a UK IT firm.
Reza created a script that created every possible number combination in Canada, the US, and the UK. Then, he sent those numbers into Facebook’s API to receive data from millions of unobstructed user profiles.
Using this system, you can learn someone’s number as well as all the information they make public on Facebook.
In an interview, Reza called this a “security loophole” because anyone with the right knowledge can harvest this information then sell it – say, to advertisers.
There are even darker implications. Let’s say someone wants to chat to 18 year old girls from California over SMS. Someone could sell a package of 100 Facebook profiles with exposed phone numbers and then text those numbers for nefarious purposes.
Facebook actually responded to Reza. In an email to Daily Mail, Facebook claimed that:
“We do not consider it a security vulnerability but we do have controls in place to monitor and mitigate abuse.”
Facebook also claims that users can easily adjust their privacy settings to instantly prevent someone from finding them with their phone number.
Furthermore, accessing the Facebook API isn’t as easy as just opening it up and scanning through the database of millions of users. The Facebook spokesperson claimed that developers are subject to strict rules and that Facebook can – and has – taken action against developers who abuse those roles.
Hiding your number on Facebook is very easy. Open Facebook and click on the “down” arrow in the far top right corner of your screen. Click on Settings > Privacy.
You’ll see a menu that looks like this.
If you don’t want people to find you on Facebook using your email or phone number, then change your settings accordingly.
You can also prevent your profile from turning up on search engines while you’re at it.
Ultimately, Facebook is a “free” service where you’re the product being sold. If you don’t want to take 30 seconds of your time to lock down your profile, then Facebook isn’t really the one to blame here.