Brandon Davenport Aug 11, 2010 Follow Me Follow Me Follow Me Follow Me Follow Me Follow Me Follow Me Follow Us Geek Culture, Internet, breaking, ★Featured Post

A recent Facebook exploit has surfaced revealing everyone’s full name, profile picture and dignity. Right now, Facebook’s login system allows hackers to use a sneaky method in which they index random email adresses, and pick out the first and last names from the contact information. Then they brute force through Facebook’s login exploit to match the user info with the corresponding email address, even when users have configured their accounts to make that information private.

The information leak can be poked at by social-engineering scammers, phishers, or anyone who has ever been devious enough to want to know their victims. If the random email address belongs to any one of the 500 million active users on Facebook, the website will return the full name and picture associated with the account, this giving the spammers a face to follow.

Facebook users have no control over this, as this works even when you have set all privacy settings properly. Harvesting this data is very easy, as it can be easily bypassed by using a bunch of proxies — Atul Agarwal of Secfence Technologies

Obviously Facebook is developing fixes as I type, but I can’t help to wonder about all of the information these hackers have managed to gather. If you’re really paranoid, feel free to use a dummy avatar and fake name until the exploit is fixed.