Facebook bug exposes personal information of 6M users

A Facebook security bug that has been in existence since last year was discovered this week, but only after the contact information of six million users had been exposed.

Facebook acknowledged the bug's existence in a blog post on Friday, saying the error has existed on its servers since last year and has so far affected six million accounts, reports TechCrunch.

The bug, found by independent researchers through the company's White Hat program, exposes the personal contact information of certain accounts. According to the report, email addresses and phone numbers could be viewed by people who had "had some contact information about that person or some connection to them."

According to the company, the bug relates to the social network's friend discovery process.

When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. For example, we donâ€™t want to recommend that people invite contacts to join Facebook if those contacts are already on Facebook; instead, we want to recommend that they invite those contacts to be their friends on Facebook.

The bug caused some of the data used to connect with friends to be stored alongside a person's contact information. By using the Download Your Information tool, people were granted access to a user's private email addresses and phone numbers that would otherwise be hidden.

The DYI tool has since been deactivated as Facebook flushes the bug from its system.

23 Comments

robm 1065 comments · 18 Years

About 11 years ago

Way to go FB ! How anybody can trust these people with any info is beyond me. I dunno, the whole idea of being a "friend" in the cyber sense is a little weird. :D

droidftw 1009 comments · 11 Years

Facebook Privacy, an oxymoron if ever there was one.

radjin 165 comments · 14 Years

No one should be allowed to upload their contacts. Did they ask those contacts if they wanted their address and phone numbers sent to FaceBook?

nick29 111 comments · 11 Years

"as Facebook flushes the bug from its system" haha. Something tells me that in the future there will be more and more of these "bugs", planted by private individuals, the government or Facebook itself. I'm on the verge of dumping this FB once I find a better way to stay in touch with friends abroad (probably just email). I only use FB it to reply to messages that were sent to me, which is very rare, given that they are mining all of my data. BTW does anyone else think that FB has one of the worst designs for a website? Ads are a given, but having a "home" page and a "profile" page with redundant elements and a clunky UI, it's garbage. How does an awkward, nerd like Zuckerberg sell himself on being a social wizard? Can't wait to see this fad die, its just a matter of time.

struckpaper 702 comments · 11 Years

Every company with a medium to larger user base has had security holes uncovered, from Facebook to Microsoft to Apple to Google to Amazon to credit companies to banks.

It's a fact of life, unless one abstains from participating in anything online.