Commexis Cast Daily – Mar. 26, 2018: Researchers Find New Facebook Vulnerability

Today’s Commexis Cast discusses a new vulnerability in Facebook’s custom audiences tool found by researchers at Northeastern University. Ginny Marvin reports for Search Engine Land that the vulnerability lies within the audience reach estimate portion of the tool. According to Marvin and the researchers there is a rounding metric within the tool. When uploading a set of e-mails that perfectly hit the center margin, the next e-mail added to the list can be used as a “victim” to determine various pieces of information about the user.

Marvin gives the example of determining gender. If her e-mail was added to the rounded list and a researcher checked “female”, the list would round up. If “male” was checked, the list wouldn’t move, thus determining the gender of the e-mail users. There are approximately 1,200 targeting attributes that can be determined using this method.

Phillip and Matt discuss the likelihood of someone attempting to use this data. Phillip points out that some of the date is more easily accessed in other places, and this method would require a lot of effort to obtain the information. Matt, on the other hand, argues that a bot network could easily go through and check off the different factors and thereby gather 1,200 characteristics of each e-mail provided. While this isn’t quite on the scale of Facebook’s current worries following the Cambridge Analytica scandal, it’s certainly one more slam against the social network.

Mary Ku, product management director at Facebook, said in a statement, “We’re grateful to the researchers who found this issue, and we’ve suspended this feature to fix it. People’s privacy and security is incredibly important to Facebook, which is why we take any potential abuse of our service very seriously.”

Going forward, Facebook will not be showing potential reach numbers in their custom audience tools. In addition, Facebook says they could not find evidence that their tools where used in this fashion, though they intend to investigate the matter.

Today’s cast: Phillip Brooks (Commexis Lead Strategist) and Matthew McGrorty (Commexis Videographer/Podcaster).

Join the Commexis team as we add context to these stories for the busy CMO. All the news you need to know–from our inbox to yours.

Tune in to more of the Commexis Cast Daily by checking out our YouTube and Soundcloud.

Join the Commexis mailing list