Facebook tells users that giving the company their mobile phone number will help keep their account secure. Until a few weeks ago, however, the social network’s self-service ad-targeting tools could be massaged into revealing a Facebook user’s cellphone number from their email address. The same flaw made it possible to collect phone numbers for Facebook users who had visited a particular webpage.
Facebook fixed the problems on Dec. 22, and paid a “bug bounty” of $5,000 to the team of academic researchers from the US, France, and Germany who had reported the problem at the end of May.
The potential to access users’ phone numbers was a clear breach of Facebook’s data-use policy. It states: “We do not share information that personally identifies you … with advertising, measurement or analytics partners unless you give us permission.”