Facebook security bug exposes 6 million users' contact info

Facebook accidentally exposed 6 million users’ contact information. Watch out for an email alert from the network to find out if you were affected by an apparent security bug.

The bug allowed the emails and phone numbers of some 6 million users to be accessed by contacts or friends of friends as part of the site’s friend recommendation algorithm, the social network’s security team said Friday.

If you upload your contacts or address book to Facebook in order to find friends, Facebook uses that information to determine if your friends are already on the network or if you should invite them to join. That contact information may have been included in account archive information that users can download. In other words, people who have some connection to you may have been able to view your contact information when they downloaded their archive. Facebook said it disabled the Download Your Information tool, fixed it, and turned it back on within a day.

Facebook’s security team said each affected user’s information was downloaded just once or twice, which is a small consolation. The company also noted that no financial information was included and only Facebook users have access to the download tool (so information was probably not sold to advertisers).

“Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again,” Facebook said in its Friday announcement.

This isn’t the first time Facebook users’ personal information has been exposed. Facebook in 2011 introduced a White Hat bug bounty program, where security experts can file reports about bugs and collect rewards. This most recent bug was discovered by one such researcher.
