Facebook privacy issues continue to surface and a recent one has many of us, including me, quite nervous. Facebook settings give us the option of allowing people to look us up via our Facebook profiles. A couple of days ago, Suriya Prakash posted the steps he took to access (non-friend) Facebook full profiles. He wrote a script (software programming code) to cultivate a list of Facebook users who intentionally or unintentionally allow their Facebook information to be obtained by the general public.
The script generated Facebook user names connected to their phone numbers. Prakash calculated that a person with a large enough botnet* (Definition link below. Click here to go to Prasash’s blog) and a slightly better script would need only a couple of days to download all Facebook’s users who have mobile numbers associated with their accounts. He estimated at least 500 million profiles would be vulnerable. On October 4th, Facebook announced it has 1 billion users so his estimates may be low.
(*Definition of botnet)
Connecting phone numbers to names is an advertiser’s dream come true and lists such as this can be sold profitably on the black market. The breach of privacy is clear. That said, there are circumstances where we intentionally choose to have our names and numbers publicly displayed, often for business purposes. However, if you do not fall into that category, here are 2 sections to verify to protect yourselves:
1. Go to your Privacy Settings (STEP I) (click Privacy Settings Link to go there directly or manually follow illustrations of STEPS I and II below) and edit “How you Connect.” (STEP II) Unless your Facebook page is exclusively set up for business, I recommend using the most restrictive settings.
Selecting “Friends” is the most restrictive choice for who can look you up via email address or phone number. The options regarding who can send you friend requests and Facebook messages are not as worrisome because you can always ignore a friend request or delete a message. If you want to avoid the awkwardness of ignoring friend requests from the general public, you can restrict that option to friends of friends but that may prevent people you know from connecting with you. I enjoy connecting via Facebook to people I’ve lost touch with over the years so I allow anyone to send me friend requests or to message me.
2. Make sure the information in your “About” section is at the correct level of privacy. Follow Steps I-III below.
STEP II – Click on “About” to get into your personal profile information
STEP III - Once you click on “About,” you can review all the information in that section and decide if there is too much information there or not. In particular, pay attention to the “Contact Info” section. Note I’ve listed a phone number but it has a lock symbol next to it which indicates only I can see it – my telephone number is not available publicly or even to my Facebook friends.
If they haven’t already done so, we can expect Facebook to fix this vulnerability but in the meantime, you can avoid unwanted access to your profile by following the steps above. It’s a good idea to occasionally verify all your Facebook Privacy Settings to make sure you are getting the level of privacy your want. Click on this link to get to a previous article that will take you through all your Privacy Settings and will allow you to access them directly from within the article if you are logged into your Facebook account.
If you have any questions or need any help checking your privacy settings, please let me know and I’ll be happy to guide you.
Until next time … Stay Cyber Safe