A new tool that links email addresses to Facebook accounts has been circulating since Tuesday, April 20.
The tool shows users which email addresses are linked to which Facebook accounts, even when users opted to keep their emails private, and can allegedly do so on a mass scale of millions of email addresses a day, Alon Gal, co-founder and CTO of cybercrime intelligence firm Hudson Rock, wrote on Twitter.
The new vulnerability comes shortly after Facebook suffered a privacy breach earlier this month when 500 million user credentials were leaked, including CEO Mark Zuckerberg's information.
Gal, who was tipped off about the new vulnerability by an anonymous source, was stumped after Facebook apparently told him it wouldn't fix the issue, even though it knew about it.
"The source mentions that a tool that utilizes the vulnerability is being actively exploited to generate tens of millions of matched profiles a day and is appended to the existing 533m Facebook phone numbers leak to create one massive database for malicious purposes."
- Alon Gal (Under the Breach) (@UnderTheBreach), April 20, 2021
What Facebook did say, according to Ars Technica, is this: "It appears that we erroneously closed out this bug bounty report before routing to the appropriate team. We appreciate the researcher sharing the information and are taking initial actions to mitigate this issue while we follow up to better understand their findings."
Gal decided to take matters into his own hands by posting a short YouTube video of the alleged tool quickly working away through email addresses and Facebook accounts, as well as posting a number of Twitter comments highlighting the vulnerability.
According to a Vice report, the tool is apparently now available within the hacking community.
It's unclear what next steps will be taken by Facebook, but hopefully, this information won't fall into the hands of hackers looking to do some serious harm.