Imagine the scenario.
You’re a woman in an abusive relationship with a man. Things have turned violent.
You leave the man, block his account on Facebook, and maybe even change your name legally as you want to start afresh.
You update your Facebook profile to reflect your new name.
Would you expect your ex-partner to be able to know what your new name is?
Common sense dictates that as you have blocked someone and *then* changed your name they wouldn’t be able to know that your profile has been updated to use a new name.
And yet, as one security researcher discovered, an unpatched flaw in the way Facebook handles account privacy allows precisely this to happen.
David Mathews, originally from Canada, currently based in London, contacted me a few weeks ago with his discovery that even if you block someone on Facebook your name remains dynamically linked to their profile.
In his example, demonstrated in the video below, an account with the name Daniella Smitherson blocks Jack Smitherson, and updates her Facebook profile with a new name (Sandra Halperson).
[embedded content]
“Daniella has blocked Jack, and that should be it. However, in Messenger, her new name is displayed in Jack’s chat session with her,” says Mathews. “Also, should he request a copy of his data via the Your Facebook Information link it display her new name there too!”
Mathews contacted Facebook about the issue last month, concerned that Facebook users could be put in potential danger through the security issue, and that Facebook itself might have left itself open to accusations of ..
Support the originator by clicking the read the rest link below.
