Facebook Backdoor Gives Clues To Private Email Addresses

by Adam Tanner, Contributor

If you forget your Facebook profile name, you can enter your name, email or phone number into a page called Find Your Account to find your Facebook profile and some alternative email addresses, which are partially obscured such as j*******s@yahoo.com.

The same technique works if you type in other people’s details. Then Facebook can act as a Caller ID and produce a photo, name or clues about a private email. That could help if someone telephones but does not leave a message, or if you want to find a private email address from a company email.

As a test I looked up Gary King, one of two dozen who hold Harvard’s prestigious title of University Professor. His email address is listed on his public webpage. A search of Find Your Account leads to his Facebook profile photo and revealing clues to his alternative email addresses.

I repeated the process for several other people. It did not find everyone – perhaps the telephone numbers or email addresses were not linked with Facebook – but in many cases it did, including for a well-known private detective in Las Vegas whose photo I was able to see.

“This is an interesting case where a feature aimed at giving users a better service actually exposes their private data,” said Michael Bar-Sinai, a software engineer at Harvard’s Institute for Quantitative Social Science where King serves as director.

He pointed out his privacy settings allowed only friends of friends – not everyone – to look him up with his email address or his phone number. Yet a search finds his photo, name and partial email addresses.

In many cases, “Find Your Address” would not reveal any startling information. However, often a little bit of personal information here and there allows outsiders to gain a far more intimate portrait of us than we imagine. One chapter in my upcoming book tries to find a woman whose thumbnail-size image is posted on a Yelp page. Tiny clues in obscure places help reveal her double life on the steamier side of the Internet.

Asked about the information shown by Find Your Account, a Facebook spokesman who did not want to be named said: “Certain information on Facebook—such as your name, profile photo, and networks (if you choose to add any)—is treated as public because it plays a crucial role in helping your friends and family connect with you. In this case, showing a profile photo helps people avoid accidentally initiating a password reset for the wrong account.”

This page describes what Facebook considers public information. Users can adjust their privacy settings with details given here to mask the name and photo from being visible in the password recovery process.

“If you use the password recovery feature to search for someone who has modified these settings such that you can’t look them up using this information, you will see only ‘Facebook User’ and will not be able to view their name, profile photo, or networks,” the spokesman said.

Still, the partial email address remains visible. So using his phone number, I looked up the spokesman via Find Your Account. His name and photo were not given, but I could easily guess what his private Gmail address is from the partially masked information. It showed the first letter of his first name, stars, and the last letter of his uncommon surname followed by @gmail.com.

“We show obscured email addresses in the password reset flow because our experience with helping many people recover their accounts over the years suggests that this information is important for helping people find the account recovery message we send,” he said. “Many people have multiple email addresses and don’t always remember which one is registered with Facebook.”

In the case of Professor King, his photo is available elsewhere and he posts his university email on his web page. His private email addresses – for which Facebook provided some clues – would be harder to locate. But he is relaxed about this information being visible.

King cited outgoing Microsoft CEO Steve Ballmer as someone who has made his email address public and referred to that fact in interviews. Ballmer “said he does the same and has no problems. I get a lot of email, but just like he said, people tend to be respectful,” King said. “I sign out of every automated mailing, which cuts things down some.”

full story: http://www.forbes.com/sites/adamtanner/2014/01/17/facebook-backdoor-gives-clues-to-private-email-addresses/
