A bug in Facebook’s login system allows attackers to match unknown email addresses with users’ first and last names, even when they’ve configured their accounts to make that information private.
The information leak can be exploited by social-engineering scammers, phishers, or anyone who has ever been curious about the person behind an anonymous email message. If the address belongs to any one of the 500 million active users on Facebook, the social-networking site will return the full name and picture associated with the account.
Read the full article here.
Source: [The Register]