Facebook has announced that it has fixed a bug on the platform that could have been used by spammers to steal the full name and photograph of a Facebook user by simply entering an e-mail ID and a wrong password.
According to Atul Agarwal of Secfence Technologies, when a user's e-mail ID was entered with a wrong password on the log-in page, the website presented an 'Incorrect password' page along with the full name and profile photo of the Facebook user.
This flaw could have been used by spammers to link random e-mail IDs with Facebook users, thereby procuring their full names and profile photos.
The attackers could have also used the information to engineer targeted phishing attacks on Facebook users.
Writing on the Secfence blog, Agarwal said: “Facebook users have no control over this, as this works even when you have set all privacy settings properly. Harvesting this data is very easy, as it can be easily bypassed by using a bunch of proxies.”
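
The sketch below is an added example, not code from Facebook or Secfence. It contrasts a log-in handler that behaves as the article describes (the failure response carries the account's name and photo) with one that returns the same generic response for every failure. The account store, field names, function names and the handling of unknown addresses are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the address, name and photo path are made up.
_SALT = b"constructed-salt"

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)

USERS = {
    "alice@example.com": {
        "name": "Alice Example",
        "photo": "/photos/alice.jpg",
        "pw_hash": _hash("correct horse"),
    }
}
# Compared against when the address is unknown, so both failure paths
# perform the same hashing and comparison work.
_DUMMY_HASH = _hash("no-such-account")

GENERIC_FAILURE = {"ok": False, "message": "Incorrect e-mail or password."}

def login_leaky(email, password):
    """Behaviour the article describes: a wrong password reveals the profile."""
    user = USERS.get(email)
    if user is None:
        # Assumption: the article does not say what unknown addresses returned.
        return {"ok": False, "message": "Unknown e-mail."}
    if not hmac.compare_digest(_hash(password), user["pw_hash"]):
        return {"ok": False, "message": "Incorrect password",
                "name": user["name"], "photo": user["photo"]}
    return {"ok": True, "name": user["name"], "photo": user["photo"]}

def login_hardened(email, password):
    """Profile data leaves the server only after the password is verified."""
    user = USERS.get(email)
    expected = user["pw_hash"] if user else _DUMMY_HASH
    matches = hmac.compare_digest(_hash(password), expected)
    if user is None or not matches:
        return dict(GENERIC_FAILURE)  # identical for every kind of failure
    return {"ok": True, "name": user["name"], "photo": user["photo"]}
```

Because the hardened response is identical whether or not the address is registered, privacy settings are no longer the only barrier between an e-mail address and the profile behind it.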