Facebook: exposed contact information


Hi, everyone

At the beginning of the year I found myself in the situation where I found contact information, which belongs to me, on someone else's profile.

This information, however, was set to being only visible to me, and apart from that I knew the person but did not have any relation to that person.

Also interesting is that as soon as I saw that, the information was already removed from that profile.

Not saying I am an expert in this field, but I am working in IT and have a somewhat good understanding and sense for security. Therefore I would say I am taking good care of my privacy and security.

I never lost access to my account during this occurrence and the activity logs looked clean. Obviously someone who gained access to my account would remove such traces. The only information that the suspect might have had was my name and my mobile number.

I am not asking for a guide to replicate that; however, I would really like to know how much expertise would be needed to achieve something like that and if there are tools out there which would provide such visibility into someone's information.

Kind regards

@Irukandji the email address I am using for Facebook has not been pwned and I am afraid that it was not that easy.

As I said, the only information the suspect might have had access to prior to getting into my account were my name and my phone number. I might as well add that my friends list is also small enough to keep an overview of that.

So, not knowing any details about this, because I just learned about it, it looks like a so-called SS7 attack would have been possible. The only information that would be required for that would actually be only the phone number. By the end of the day it would be a MIM attack. In regards to Facebook, as an attacker someone would have been using the "forgot account" function on Facebook using the victim's phone number, ending up getting the code to log into the account via SMS. I don't know if that would still be possible or was possible at the time, but to me it sounds like a rather sophisticated attack and not like something a hobby hacker or enthusiast would attempt.

Any opinions on that?

