Facebook snafu exposes millions of private email addresses

Facebook acknowledges it failed to act on a bug bounty report


If reports are to be believed, a new tool is circulating on underground forums that exploits a Facebook vulnerability to expose email addresses attached to user accounts.

A video of the tool in action was delivered to a number of cybersecurity professionals and later uploaded to YouTube by Alon Gal, co-founder and CTO of cybersecurity company Hudson Rock.

Earlier this month, Gal also lifted the lid on another Facebook data breach, which saw the account information of over 500 million users exposed online.


Stolen emails


The individual who made the video claims the tool exploits an active front-end vulnerability in Facebook that the social media giant is already aware of. He adds that the tool is currently available “within the hacking community” and can apparently churn out up to five million email addresses per day.

Facebook was quick to acknowledge the vulnerability exploited by the tool, which had accidentally been marked as resolved.

“It appears that we erroneously closed out this bug bounty report before routing to the appropriate team. We appreciate the researcher sharing the information and are taking initial actions to mitigate this issue while we follow up to better understand their findings,” said a Facebook spokesperson.

However, the company has not publicly acknowledged whether the vulnerability has yet been fully remedied.


Via Motherboard

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
