- dotTech - http://dottech.org -

Facebook bug exposed contact information for 6 million of its users

Posted By Enrique Manalang On June 24, 2013 @ 5:57 AM In World Wide Web | 4 Comments

facebook [1]

One of Facebook’s archival features has accidentally exposed the contact information of around 6 million of its users. This includes email addresses and phone numbers that users may or may not have wanted shared with all their contacts.

The security bug comes from Facebook’s archive feature, which you can see pictured below. The feature lets you download things like media that you’ve posted on the site, messages, friends’ names along with some of their email addresses. If you look closely, there’s a note there that explicitly states that the archive will “only include email addresses for friends who’ve allowed this in their account settings.” What the bug did was attach those friends’ email addresses and/or phone numbers anyway, exposing information that some people might have wanted kept private or to a select group of people.

facebook2 [2]According to Facebook, the bug has apparently been live since last year. It was discovered last week and the security team fixed it within 24 hours of them being notified of its existence. Additionally, before we all start freaking out by this, each individual email address or phone number was only included in the data once or twice. But more importantly, developers and advertisers do not have access to the archive tool — so none of that information was exposed to them.

[via TechCrunch [3]]

Article printed from dotTech: http://dottech.org

URL to article: http://dottech.org/113272/facebook-bug-exposed-contact-information-for-6-million-of-its-users/

URLs in this post:

[1] Image: http://dottech.org/wp-content/uploads/2013/06/facebook.jpg

[2] Image: http://dottech.org/wp-content/uploads/2013/06/facebook2.jpg

[3] TechCrunch: http://techcrunch.com/2013/06/21/facebook-security-bug-exposed-personal-account-information-emails-and-phone-numbers-six-million-accounts-affected/

© 2008-2012 dotTech.org | All content is the property of its rightful owner.