Still reeling from a breach that impacted some 500 million Facebook users just two months ago, the social media giant has a new privacy crisis to contend with: a tool that, on a massive scale, links Facebook accounts with their associated email addresses, even when users choose settings to keep them from being public, Wired reports.
A video circulating on Tuesday showed a researcher demonstrating a tool named Facebook Email Search v1.0, which he said could link Facebook accounts to as many as 5 million email addresses per day. The researcher—who said he went public after Facebook said it didn’t think the weakness he found was “important” enough to be fixed—fed the tool a list of 65,000 email addresses and watched what happened next.
The researcher said that Facebook Email Search exploited a front-end vulnerability that he reported to Facebook recently but that “they [Facebook] do not consider to be important enough to be patched.” Earlier this year, Facebook had a similar vulnerability that was ultimately fixed.
“This is essentially the same vulnerability,” the researcher says. “And for some reason, despite me demonstrating this to Facebook and making them aware of it, they have told me directly that they will not be taking action against it.”
Facebook has been under fire not just for providing the means for these massive collections of data but also for actively promoting the idea that they pose minimal risk to Facebook users. An email that the company inadvertently sent to a reporter at the Dutch publication DataNews instructed public relations people to “frame this as a broad industry issue and normalize the fact that this activity happens regularly.”