24 Jun 2013
Story image

Facebook bug exposes 6 million users

Six million Facebook users have had their private contact information exposed, the social networking giant has admitted.

In a statement released to the press, the site's security division made the admission, which made email addresses and phone numbers accessible to Facebook users who downloaded their account histories onto their own computers.

Facebook said while describing what caused the bug can get "pretty technical", the site offered an explanation for how it happened in simpler terms.

"When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations," the statement read.

"For example, we don’t want to recommend that people invite contacts to join Facebook if those contacts are already on Facebook; instead, we want to recommend that they invite those contacts to be their friends on Facebook.

"Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook.

"As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection.

"This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool."

Problem resolved?

The accidental security breach has been resolved however, with Facebook claiming to have immediately disabled the DYI tool to fix the problem.

In a bid to reassure the six million users affected, the site insisted in almost all cases, any private contact information was only exposed to one person - with no other types of personal and financial information included in the gaffe.

"We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing," Facebook added.

"Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again.

"Your trust is the most important asset we have, and we are committed to improving our safety procedures and keeping your information safe and secure."

User confidence

After notifying regulators in the US, Canada and Europe, Facebook is in the process of notifying affected users via email, while rewarding the security researcher who issued the White Hat program - leading to the resolution of the breach.

In a further bid to restore user confidence in the website which hosts over one billion active Facebookers, the site said it takes people's privacy seriously, yet cannot always ensure a watertight security system.

"Even with a strong team, no company can ensure 100% prevention of bugs, and in rare cases we don’t discover a problem until it has already affected a person’s account," Facebook said.

"This is one of the reasons we also have a White Hat program to collaborate with external security researchers and help us ensure that we maintain the highest security standards for our users."

Have you been affected by the security bug? Does this dampen your confidence in Facebook? Tell us your thoughts below

Recent stories
More stories