Facebook's Latest Privacy Gaffe Leaked Personal Information for 6 Million Users


Facebook has had its share of privacy-related scandals, but a recent security flaw is getting quite a bit of attention because of the number of people affected. Up to six million Facebook users' personal email addresses and phone numbers have been exposed, and while that's a small percentage of their total user base of one billion and counting, well, STILL. Six million, man.

In a nutshell, the bug was related to Facebook's feature that grants access to users' contact lists or address books, and it exposed personal contact information to folks who weren't necessarily friends. Just what you want to hear, right? Your private phone number may have been sent directly to a stranger's inbox, courtesy of Facebook.

Here's what Facebook's Security team wrote about the glitch:

We recently received a report to our White Hat program regarding a bug that may have allowed some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them.

Describing what caused the bug can get pretty technical, but we want to explain how it happened. When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. For example, we don’t want to recommend that people invite contacts to join Facebook if those contacts are already on Facebook; instead, we want to recommend that they invite those contacts to be their friends on Facebook.

Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool.

Facebook explains that they immediately disabled the DYI tool to fix the problem, then re-enabled it the next day once they were assured it was working correctly.

The social media company thinks approximately six million Facebook users had email addresses or telephone numbers shared, but no other types of personal or financial information were leaked. Facebook doesn't believe the bug has been used in any nefarious way, and says that "the practical impact of this bug is likely to be minimal."

Still, even though it doesn't sound likely that this flaw will result in identity theft or other criminal activity, it's probably a good idea for Facebook users to be extra vigilant about security in the months to come. Experts suggest changing your passwords every six months at a minimum, and creating a super-secure unique password for each place you log into. (Don't use any of the ones from this list.)

Boy, isn't it amazing how easy it is to share our lives through the magic of social media? Even the things we didn't know we WERE sharing.

Had you heard of this Facebook security flaw?


Image via English106/Flickr


2 Comments


Andres Arcesio Torres Cano

As appropriate to give out these facts after the spy scandal and which is committed to this company and others to provide information to the government. with apologies will not repair the damage, naive hope that this nonsense.


Poligrafía



 


BGarcel

Above comment translated as best as I can: How appropriate is it to give out this information after the spy scandal in which this company and others are committed to provide this information to the government? Apologizing will not repair the damage, only the naive stand for this nonsense.
