Facebook is one of the most powerful and reliable social networking websites. It allows users to interact with other users after becoming friends with one another. Facebook allows users to make their friends list public or private. If it is made private, your friends list won't appear on your publicly viewable profile.
Irene Abezgauz, a security researcher from the Quotium Seeker Research Center, has found a vulnerability in the Facebook website that allows anyone to see a user's friends list, even when the user has set that information to private.
The exploit is carried out by abusing the 'People You May Know' feature on Facebook, which suggests new friends to users. It suggests friends to you based on mutual connections and other criteria such as work or education information.
The hack is very simple: all a hacker would have to do is create a fake Facebook profile and then send a friend request to their target.
Even if the targeted user never accepted the request, the hacker could see that person’s friends via the “People You May Know” feature.
But Facebook said that a hacker would have no way of knowing if the suggested friends represented a user’s entire list.
She replied to Facebook: “I could see hundreds of suggestions. So, you know what, it’s not all of them. It’s 80 percent, so what. There’s a reason why I made my friends list private and I don’t want people from the internet just looking at who my friends are.”
For now, Facebook hasn't recognized her finding, but we hope that they will take users' privacy seriously and reconsider patching the issue.
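The leak described above, and the kind of visibility check that closes it, can be shown on a small constructed model (an added example, not Facebook's code). It assumes that the suggestion logic treats a pending, unaccepted friend request as a connection; all names and functions here are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    friends_list_public: bool = True
    friends: set = field(default_factory=set)
    pending_sent: set = field(default_factory=set)  # requests not yet accepted

def build_sample():
    """Constructed sample graph: alice keeps her friends list private."""
    names = ("alice", "bob", "carol", "dave", "frank", "gina", "newacct")
    users = {n: User(n) for n in names}
    users["alice"].friends_list_public = False
    for a, b in (("alice", "bob"), ("alice", "carol"),
                 ("alice", "dave"), ("frank", "gina")):
        users[a].friends.add(b)
        users[b].friends.add(a)
    users["newacct"].pending_sent = {"alice", "frank"}
    return users

def suggest_leaky(viewer, users):
    """Assumed flaw: pending requests seed suggestions exactly like
    accepted friendships, ignoring the target's visibility setting."""
    seeds = viewer.friends | viewer.pending_sent
    out = set()
    for s in seeds:
        out |= users[s].friends
    return out - seeds - {viewer.name}

def suggest_checked(viewer, users):
    """Expand through a pending target only if the viewer could already
    read that target's friends list on the public profile."""
    seeds = viewer.friends | viewer.pending_sent
    out = set()
    for s in seeds:
        if s in viewer.friends or users[s].friends_list_public:
            out |= users[s].friends
    return out - seeds - {viewer.name}

def exposed(suggestions, target):
    """Regression check: members of a private list shown to the viewer.
    Any non-empty result is a leak, even if it is not the whole list."""
    if target.friends_list_public:
        return set()
    return suggestions & target.friends

if __name__ == "__main__":
    u = build_sample()
    print(exposed(suggest_leaky(u["newacct"], u), u["alice"]))
    print(exposed(suggest_checked(u["newacct"], u), u["alice"]))
```

The `exposed` check flags a partial leak as well as a complete one, which is the point of the researcher's reply to Facebook.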
Update: Mohamed Ahmed, a security expert from Sudan, reported the exact same flaw to The Hacker News team back in June. He also reported it to the Facebook team, but according to him they have not replied to him yet.