New Vulnerability has been discovered in facebook that allows an attacker to obtain all users credential on the social network website. By having the email address an attacker can get the name and pictures of victims.

The vulnerability can works regardless of the account privacy settings, this mean that even if your account hidden from all search engines it is possible to have the sensitive information.

The result of gathered information can be used for phishing attacks or any other issue.

According to the researchers if someone has a list of email address that he has no clue about. He can feed them to Facebook one by one (or in a list, using a script like this) and chances are that he’ll get more than 50% hits. Useful for phishing attacks (People will get more convinced when they see their *real* names).

Or an attacker can randomly generate email addresses and create a database with user’s names and pictures, which mean that you have no privacy and your information, can be easily found.
Update :
Facebook, in a statement sent to SCMagazineUS.com on Thursday, said the glitch has been fixed.

“We have technical systems in place to prevent people’s names and profile photos from showing to unrelated users upon login, but a recently introduced bug temporarily prevented these from working as intended,” Facebook said in a statement. “We remedied the situation swiftly.”

make sure you subscribe to my RSS feed!