Hackers are using a tool called Facebook Email Search v1.0 to reveal millions of Facebook users' email addresses, even if the addresses are private.
This user data, combined with the 553 million phone numbers that leaked from Facebook a few weeks ago, can help hackers access accounts or build a database of Facebook users' personal information.
Facebook Email Search v1.0 exploits a front-end vulnerability on the Facebook website. It automatically links user IDs to their associated email addresses, allowing a single hacker to provide about 5 million email addresses a day. Facebook says it fixed an almost identical vulnerability earlier this year.
In an interview with Ars Technica, an anonymous researcher claims that he reported the vulnerability to Facebook, but the largest social network chose to ignore the issue. Facebook told the researcher that it "does not consider [the vulnerability] to be significant enough to be fixed", despite the fact that it poses a clear security risk and breaches its users' privacy.
Facebook has not only ignored the vulnerability, but is actively encouraging PR representatives to downplay and "normalize" data breaches. See the internal Facebook email that was accidentally sent to a Data News reporter after the April 5 leak.
Hundreds of millions of Facebook users this month saw their data travel across the internet due to two separate security holes in the social network. Faced with this significant amount of data, Facebook hopes to "normalize" the phenomenon and argues that we should learn to live with data leaks. For a website obsessed with collecting data from its users, Facebook's negligence causes.
Facebook now says it “accidentally closed this bug report before routing it to the appropriate team” and that it is currently investigating the problem. We don't know when the company will fix this particular security hole or how many accounts have been affected.