Steven Melendez reports:
A loophole in Facebook’s advertising targeting mechanism could have let attackers obtain users’ phone numbers after they visited websites the attackers controlled, a group of scientists revealed in a paper presented last week.
Facebook, which awarded the researchers a $5,000 bug bounty, has since taken steps to thwart similar attacks, and neither the company nor the researchers say they have any evidence the technique was ever used maliciously.
The potential attack, presented by researchers from Northeastern University and institutions in France and Germany at the Federal Trade Commission’s PrivacyCon, exploits the way Facebook allows advertisers to target ads to custom audiences.
Read more on FastCompany.