You know, buddy, I think from FB we could all use a little more "thanks for pointing out this problem that we at FB should have prevented or refused to implement" and a little less of sarcastic "if you are truly concerned...jump through our hoops."
Preventing harm to users is your job, not ours.
Associates of mine have made SEVERAL complaints to FB about security concerns through your standard "hoops" (including /whitehat), and have received exactly ZILCH, NADA in response.
I get what you're saying and I'm sorry if I was snarky. On the subject of politeness, I myself don't enjoy reading posts titled "Facebook privacy fuckup" at 5am on a Sunday.
Please also remember that not every report actually pans out. I can't say we should have prevented this because I don't yet know if there is something to prevent. It now appears that the behavior the OP is calling a "fuckup" happened after he confirmed ownership of the phone number. This might change things a bit.
Preventing harm is our responsibility. But if you happen to find an open door, or what might look like an open door, it's more helpful to get all the facts first, report to the vendor, and disclose later if you think the reporting process is unsatisfactory.
For instance, if you have not heard a response from /whitehat, please email me and I will see what I can find out. Or disclose it. I can't stop you.
When it comes to the rules of disclosure, I'm well aware that where you stand depends on where you sit, but I personally think these kinds of firedrills aren't the right way to do it.
Thanks for your response, but frankly you are presenting a textbook example here of continuing to impolitely blame the messenger(s). If you don't enjoy reading posts entitled "Facebook privacy fuckup" at 5am on a Sunday, then perhaps FB should start to take privacy more seriously. I'm sure the fact that people are more than a little suspicious of FB in numerous ways and that many have made repeated privacy complaints is hardly news to you, at 5am or otherwise. FB privacy is your firedrill, not ours.
Preventing harm to users is your job, not ours.
Associates of mine have made SEVERAL complaints to FB about security concerns through your standard "hoops" (including /whitehat), and have received exactly ZILCH, NADA in response.