Yahoo Finance Hacking tool lets anyone link your email address to your Facebook account
There are renewed fears over the privacy of Facebook users after security researchers discovered a tool used by cyber criminals to link people’s private email addresses to their Facebook accounts.
The software scans lists of tens of thousands of email addresses and searches Facebook’s site to discover the profiles linked to the email addresses, giving criminals a quick and easy way to compile people’s details for future scams.
The tool appears to be able to link email addresses to Facebook accounts even if the Facebook user has chosen not to publicly display their email address on their profile, Motherboard first reported.
Criminals have used the tool to find Facebook users who run large pages or groups on the social network to target them with misleading emails that could trick them into handing over access to their Facebook accounts, a tipster who alerted security researchers to the software claimed.
Looks like there might be yet another *active* vuln that permits someone to reveal the private email addr of @Facebook users
The researcher claims the attack is similar to a previously disclosed/patched 'Page Role' vuln and that he's been able to harvest ~6000 accounts in ~3min https://t.co/1ADL3Eo1Fi— ashkan soltani (@ashk4n) April 20, 2021
They claimed that the software is being used by criminals to match tens of millions of email addresses a day to Facebook profiles.
This new source of data risks being compiled with a leaked database of 533m Facebook users that originated in 2019 and included people’s phone numbers. These databases can be sold online to scammers, with the more information available on targets sending the prices of databases higher.
“As the scraping of public data issue ramps up, this is yet another blow for Facebook and I’m not sure how many more it can take before people completely lose all trust in the network,” said Jake Moore, a cyber security specialist at ESET. “The potential is that people could be targeted with spear phishing attacks or via forms of social engineering.”
“Once this gets out into the more wider domain, this could be damaging for people who want to remain disconnected from certain people such as ex partners or other people they do not want contact with,” he added.
A Facebook spokesman said the company is now looking into the tool. “We appreciate the researcher sharing the information and are taking initial actions to mitigate this issue while we follow up to better understand their findings,” he said.
