Irene Abezgauz, Quotium Seeker Research Center identified a security flaw in Facebook privacy, the vulnerability allows any one to see the friend list of any user on facebook, even its set to private.
Facebook machanism 'People You May Know', which is the mechanism by which Facebook suggest new friends to users.
Inshort, just about anyone on the internet can find out who your friends are, even if you've made your friendships private. they simply need to create a fake Facebook profile and send friend request to vicitm, even if victim don't respond to your Friend Request, you can get list of all vicitm friends, in 'People You May Know' feature.
Abezgauz revealed the vulnerability at AppSec USA 2013, a Security Conference in New York, Facebook told Abezgauz that a attacker would have no way of knowing if the suggested friends represented a user's friend list. However, Abezgauz says that is beside the point, 'I could see hundreds of suggestions, " she said." So, you know what, it's not all of them. it's 80%, so what there's a reason why i made my friends list private and i don't want people from the internet just looking at who my friends are."
Since this vulnerability renders the privacy control to hide friends lists from other users irrelevant, we hope Facebook will change its mind and this flaw will be addressed.
Facebook machanism 'People You May Know', which is the mechanism by which Facebook suggest new friends to users.
Inshort, just about anyone on the internet can find out who your friends are, even if you've made your friendships private. they simply need to create a fake Facebook profile and send friend request to vicitm, even if victim don't respond to your Friend Request, you can get list of all vicitm friends, in 'People You May Know' feature.
Abezgauz revealed the vulnerability at AppSec USA 2013, a Security Conference in New York, Facebook told Abezgauz that a attacker would have no way of knowing if the suggested friends represented a user's friend list. However, Abezgauz says that is beside the point, 'I could see hundreds of suggestions, " she said." So, you know what, it's not all of them. it's 80%, so what there's a reason why i made my friends list private and i don't want people from the internet just looking at who my friends are."
Since this vulnerability renders the privacy control to hide friends lists from other users irrelevant, we hope Facebook will change its mind and this flaw will be addressed.
