A data-scraping tool is able to link millions of Facebook profiles to email addresses even if users haven’t publicly advertised their address.
Alon Gal, the co-founder of cybercrime intelligence firm Hudson Rock, and technologist Ashkan Soltani have shared details about how someone has been able to use the tool to link five million email addresses to Facebook users.
Looks like there might be yet another *active* vuln that permits someone to reveal the private email addr of @Facebook users
The researcher claims the attack is similar to a previously disclosed/patched 'Page Role' vuln and that he's been able to harvest ~6000 accounts in ~3min https://t.co/1ADL3Eo1Fi
— ashkan soltani (@ashk4n) April 20, 2021
The news comes after Facebook faced a data leak earlier this month that led to the personal information of 533 million users leaking online.
The leaked information includes phone numbers, locations, past locations, birth dates, email addresses and other personal data.
Regarding this latest security issue, the social media giant says it’s taking initial actions to address the findings.
“It appears that we erroneously closed out this bug bounty report before routing to the appropriate team,” a Facebook spokesperson told Motherboard. “We appreciate the researcher sharing the information and are taking initial actions to mitigate this issue while we follow up to better understand their findings.”
It appears that the tool is currently available to hackers. Researchers note that the tool could lead to another large data dump.