Belgian Hacker: I Can See Your Private Phone Number on Facebook

  • by: Maarten Schenk

Belgian security researcher Inti De Ceukelaire claims he discoved a method to figure out the phone numbers associated with many Facebook accounts, even when these phone number are not set to be displayed in public by the account owners. This is not the first time De Ceukelaire discovered a serious privacy leak in Facebook: in the summer of 2016 he found a way to spy on the links being shared by users of the social network site.

During several interviews with Belgian media outlets De Ceukelaire claimed he discovered a way to abuse a feature that allows people to be looked up by their phone number. Many Facebook accounts can be found by searching for the phone number associated with them (this setting is enabled by default). Doing the reverse is normally not possible but De Ceukelaire claims he found a way to do it even when those numbers are not set to be displayed in public.

So far De Ceukeleire has not made his method public in order to give Facebook time to patch this security hole. Facebook from their side already told him they don't consider the issue serious enough to fix. According to Facebook it would take too many tries to find out any useful information by abusing the search function and they are already countering this by rate limiting the number of requests users can make. It would take months to try all phone numbers according to Facebook. De Ceukelaire says his actual method only takes 30 minutes for a single account.

De Ceukelaire has said in an interview he is planning on releasing the exploit in the wild if Facebook keeps refusing to patch the vulnerability.

Right now there is no 100% certain method to protect yourself from this method but you can limit the number of people who can use it to find out your number by going into Facebook's privacy settings and changing the option for who can look you up using the phone number you provide to 'Friends' only. That way if somebody steals your number using this method at least you'll know it was one of your friends...

lookup.jpg


  Maarten Schenk

Maarten Schenk is the co-founder and COO/CTO of Lead Stories and an expert on fake news and hoax websites. He likes to go beyond just debunking trending fake news stories and is endlessly fascinated by the dazzling variety of psychological and technical tricks used by the people and networks who intentionally spread made-up things on the internet.

Read more about or contact Maarten Schenk

About Us

International Fact-Checking Organization EFCSN Meta Third-Party Fact Checker

Lead Stories is a fact checking website that is always looking for the latest false, misleading, deceptive or inaccurate stories, videos or images going viral on the internet.
Spotted something? Let us know!.

Lead Stories is a:


WhatsApp Tipline

Have a tip or a question? Chat with our friendly robots on WhatsApp!

Add our number +1 (404) 655-4223, follow this link or scan the image below with your phone:

@leadstories

Subscribe to our newsletter

* indicates required

Please select all the ways you would like to hear from Lead Stories LLC:

You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.

Most Read

Most Recent

Share your opinion