How to Check Facebook Email

When you sign up for a social network you expect it to keep its privacy promises. For example, if you tell the social network not to expose your email address to any other members, you expect it to stay private.

But a security researcher has detailed how he found a way to discover *any* Facebook user's primary email address, regardless of their privacy settings, by exploiting a weakness on the social network.

Security researcher Stephen Sclafani described how he stumbled across the privacy hole while wandering through some old mailing lists.

Among the messages he came across was a Facebook invite reminder email, apparently sent by mistake when the user followed Facebook's advice to invite their entire contacts list to the social network:

What is interesting is the clickable URL at the bottom of the invite message.

When Sclafani clicked on the link, he was taken to a Facebook sign-up page already filled out with the mailing list's address and the name of the person who used the link to sign up for an account:

Sclafani took a closer look at the link, and found something interesting:

Simply put, if you replaced that part of the "mid" parameter with the hex value of a different Facebook user's numeric profile ID, you would be shown their primary email address.

Facebook profile IDs aren't secret. You can get them easily via websites like Find My Facebook ID or from Facebook's own profile directory.

Indeed, it's possible to imagine how somebody interested in grabbing the email address of *every* *single* Facebook user might write a script to trawl the profile directory, turn each ID into hex, and then use the modified URL to scoop up each address.

It's easy to imagine how a database of such email addresses could be abused.
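The class of flaw described above, as an added example that is not from the original article or from Facebook's code: a handler that trusts a hex profile ID taken from the link, beside one that only accepts values carrying a server-side HMAC tag. The sample data, key, function names and the `id.tag` link layout are assumptions made for illustration; the article does not say how Facebook fixed the issue.

```python
import hashlib
import hmac

# Constructed sample data: numeric profile ID -> primary email address.
USERS = {1001: "alice@example.com", 1002: "bob@example.com"}
SERVER_KEY = b"constructed-demo-key"  # assumption: a secret only the server holds


def prefill_vulnerable(mid: str):
    """Flawed pattern: the ID in the link alone decides whose email is shown."""
    try:
        return USERS.get(int(mid, 16))
    except ValueError:
        return None


def _tag(id_hex: str) -> str:
    """HMAC-SHA256 over the hex ID, so the ID cannot be changed unnoticed."""
    return hmac.new(SERVER_KEY, id_hex.encode(), hashlib.sha256).hexdigest()


def issue_link_value(profile_id: int) -> str:
    """Value the server places in the invite link (hypothetical id.tag layout)."""
    id_hex = format(profile_id, "x")
    return id_hex + "." + _tag(id_hex)


def prefill_hardened(mid: str):
    """Look up the user only when the tag matches the ID it arrived with."""
    id_hex, sep, tag = mid.partition(".")
    if not sep:
        return None  # no tag at all: a bare ID is never accepted
    expected = _tag(id_hex).encode()
    if not hmac.compare_digest(tag.encode(), expected):
        return None  # ID was swapped or the tag was forged
    return USERS.get(int(id_hex, 16))
```

Because profile IDs are public, the hardened handler treats the ID as untrusted input and relies on the tag, which only the server can compute, to decide whether the link was one it actually issued.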

Thankfully, Stephen Sclafani has some principles. Instead of attempting to make a big splash by releasing details of Facebook's embarrassing flaw, he decided to disclose it responsibly to the social network. Sclafani says that Facebook fixed the flaw within 24 hours, and rewarded him $3,500 for his efforts under their Bug Bounty program.

Facebook certainly seem grateful that he acted in the way he did, telling me:

Well done to Sclafani for finding the flaw and acting properly. And - although it would have been better if the privacy loophole hadn't existed in the first place - well done to Facebook for fixing it so quickly after being informed.

If you are on Facebook, and wish to be kept updated with news about security and privacy risks, join the Graham Cluley Security News Facebook page.