Facebook bug exposed contact information for 6 million of its users


One of Facebook’s archival features has accidentally exposed the contact information of around 6 million of its users. This includes email addresses and phone numbers that users may or may not have wanted shared with all their contacts.

The security bug comes from Facebook’s archive feature, which you can see pictured below. The feature lets you download things like media that you’ve posted on the site, messages, and friends’ names along with some of their email addresses. If you look closely, there’s a note there that explicitly states that the archive will “only include email addresses for friends who’ve allowed this in their account settings.” What the bug did was attach those friends’ email addresses and/or phone numbers anyway, exposing information that some people might have wanted kept private or limited to a select group of people.

According to Facebook, the bug has apparently been live since last year. It was discovered last week, and the security team fixed it within 24 hours of being notified of its existence. Additionally, before we all start freaking out about this, each individual email address or phone number was only included in the data once or twice. But more importantly, developers and advertisers do not have access to the archive tool, so none of that information was exposed to them.

[via TechCrunch]


Comments


4 comments

  1. David Roper

    Seamus, I enjoy talking to friends and making comments like this on FB. What I HAVE noticed is with this FB leak of email addresses, I get a lot of junk mail “via” some other domain daily. Thanks FB, and thanks Gmail for not even catching the “via” junk mail or even allowing me to create a filter for it.

    Nothing but neophyte kids working at Google and Facebook. Prove me different FB and G. Run them like Ashraf does at DT.