Facebook Bug Exposed Phone Numbers
Turns out that up until a few weeks ago, against its own policy, Facebook’s self-service ad-targeting tools could have squeezed users’ cellphone numbers from their email addresses… albeit very, verrrrry sloooowly. The same bug could have also been used to collect phone numbers for Facebook users who visited a particular webpage.
Finding the bug earned a group of researchers from the US, France and Germany a bug bounty of $5000. They reported the problem at the end of May, and Facebook sewed up the hole on 22 December.