Facebook Admits Security Bug Impacted 6 Million Users

Facebook said problem is now fixed


    Facebook said Friday that a security bug has exposed users’ personal contact information to other users who were connected to them.

    The breach impacted six million accounts, according to Facebook. Basically, because of the bug, some of the information Facebook used to make friend recommendations was inadvertently stored in association with people’s contact information as part of their account on Facebook.

     Facebook said the bug has not been exploited in any malicious way.

    The social media company said Friday that a bug led to some contact information, such as email addresses or phone numbers, being uploaded by other users.
     
    The problem arose when a Facebook user downloaded an archive of their Facebook account through Facebook's "Download Your Information" tool. Because of the bug, the user may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. Because the contact information was provided by other people on Facebook, it was not necessarily accurate.

    TechCrunch quotes a Facebook source who said the bug has been active since last year and was discovered last week.

    Facebook said its security team fixed the problem in less than a day. 

    They are now in the process of contacting those users who were impacted.

    Here's a little from the Facebook blog: 

    We've concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared. There were other email addresses or telephone numbers included in the downloads, but they were not connected to any Facebook users or even names of individuals. For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person. Additionally, no other types of personal or financial information were included and only people on Facebook – not developers or advertisers – have access to the DYI tool.