• Data Protection

  A Facebook bug exposed Instagram users’ personal email addresses and birthdays

  Posted by Unknown Member on 24 December 2020 at 10:04 am

  When signing up for an Instagram account, the service promises that your email and birthday won’t be publicly visible. A bug discovered by security researcher Saugat Pokharel, however, made it so that an attacker could easily get that private information. The bug, which was patched after being reported to Facebook, was exploitable by business accounts that were given access to an experimental feature the company was testing.

  The attack used Facebook’s Business Suite tool, available to any Facebook business account. The experimental upgrade meant that if a Facebook business account was linked to Instagram and was included in the test group, the Business Suite tool would show additional information about a person alongside any direct message — including their supposedly private email address and birthday. All business users had to do was send a direct message on Instagram to call up the information.

  Pokharel found that the attack worked on accounts that were set to private and accounts that were set to not accept DMs from the public. If an account did not accept DMs, the user potentially would not receive any notification indicating their profile may have been viewed.

  Once again facelessbook has spat on the privacy of its users and expect them to shut and do nothing, without users, they would be nothing.

  Unknown Member replied 4 years, 7 months ago 1 Member · 0 Replies
• 0 Replies

Log In to Reply