Whether you use Facebook, Twitter, LinkedIn or another platform, you share pictures and videos and send private messages.


And because you share private data, you should secure your account well in order to protect it from hackers.

Hacking is not only about stealing your credentials; that happens after hackers have gathered private details about you, such as your birthday, full name, place of residence, and mobile number. So to protect your account you should hide your personal details from strangers, and even from social friends you don't know. If a hacker wants to get into your account, he will first gather some information about you; if that fails, he will try to become your friend, and social engineering is enough to get you to give up your personal details.


Anyway, this article is meant to show you how important your social account security is. A social account is not secure when you create it; you have to follow steps to make it secure. I will show you a proof of concept of how I can collect private details and use them for my benefit.


Social media websites mostly ask you to use two-step verification, by saving your mobile number and texting you your second login code. In this way many, or to be more precise millions, of social media users are not aware of how important it is to hide their mobile numbers.


In my latest research on Facebook, I found that millions of users are not hiding their mobile numbers, which means the numbers are reachable by public searches.

I used a loophole ("not a Facebook vulnerability") to generate a list of millions of users and their mobile numbers. Actually, I think the Facebook security team should code this differently: instead of the default privacy setting being Public, it should be Friends.


Direct link to the settings shown in the above picture: https://www.facebook.com/settings?tab=privacy&view


You may find that the above settings differ from your own Facebook account settings; if so, you should change them. Whether search engines link to your timeline is up to you, but you should definitely hide your email address and mobile number from public searches.


I used the above settings to collect millions of user profiles and their mobile numbers. This POC video shows a Chrome extension I developed:


This extension could be used by those who work in e-commerce. It can:

1- Disclose users' mobile numbers

2- Send automatic friend requests: you can insert a USA or UK mobile number and the extension will send friend requests to people from the selected carrier country.



