Skip to main content

Facebook snafu exposes millions of private email addresses

Facebook
(Image credit: Shutterstock)

If reports are to be believed, a new tool is circulating on underground forums that exploits a Facebook vulnerability to expose email addresses attached to user accounts.

A video of the tool in action was delivered to a number of cybersecurity professionals and later uploaded to YouTube by Alon Gal, co-founder and CTO of cybersecurity company Hudson Rock.

Earlier this month, Gal also lifted the lid on another Facebook data breach, which saw the account information of over 500 million users exposed online. 

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Stolen emails

The individual who made the video claims the tool exploits an active front-end vulnerability in Facebook that the social media giant is already aware of. He adds that the tool is currently available “within the hacking community” and can apparently churn out up to five million email addresses per day.

Screengrab of the tool extracting email addresses from Facebook user accounts

(Image credit: Alon Gal)

Facebook was quick to acknowledge the vulnerability exploited by the tool, which had been marked as resolved accidentally.

"It appears that we erroneously closed out this bug bounty report before routing to the appropriate team. We appreciate the researcher sharing the information and are taking initial actions to mitigate this issue while we follow up to better understand their findings," said a Facebook spokesperson.

However, the company has not publicly acknowledged whether the vulnerability has yet been fully remedied.

Via Motherboard