If reports are to be believed, a new tool is circulating on underground forums that exploits a Facebook vulnerability to expose email addresses attached to user accounts.
A video of the tool in action was delivered to a number of cybersecurity professionals and later uploaded to YouTube by Alon Gal, co-founder and CTO of cybersecurity company Hudson Rock.
Earlier this month, Gal also lifted the lid on another Facebook data breach, which saw the account information of over 500 million users exposed online.
Stolen emails
The individual who made the video claims the tool exploits an active front-end vulnerability in Facebook that the social media giant is already aware of. He adds that the tool is currently available “within the hacking community” and can apparently churn out up to five million email addresses per day.
Facebook was quick to acknowledge the vulnerability exploited by the tool, which had accidentally been marked as resolved.
"It appears that we erroneously closed out this bug bounty report before routing to the appropriate team. We appreciate the researcher sharing the information and are taking initial actions to mitigate this issue while we follow up to better understand their findings," said a Facebook spokesperson.
However, the company has not yet publicly said whether the vulnerability has been fully remedied.
Via Motherboard