Facebook Security Bug Shares Six Million Users’ Contact Info
If you’re a Facebook user, you should pay attention to any emails you receive from Facebook. The Facebook Security blog warns of a bug that may have allowed approximately six million Facebook users’ contact information (email addresses or phone numbers) to be accessed by people who either had some contact information about that user or a connection to them. Affected users are being notified via email.
According to Facebook’s website, here’s what happened:
“When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. For example, we don’t want to recommend that people invite contacts to join Facebook if those contacts are already on Facebook; instead, we want to recommend that they invite those contacts to be their friends on Facebook.
“Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection.”
“We currently have no evidence that this bug has been exploited maliciously,” Facebook states. In most instances, the company says, an email address or telephone number was exposed to only one person, no other types of personal or financial information were included, and only Facebook users—not developers or advertisers—have access to the DYI tool.
According to Facebook, the security flaw was discovered through a bug report submitted to its White Hat program, under which the company pays bounties for verifiable bugs. Once the bug was confirmed, Facebook says it immediately disabled the DYI tool to fix the problem and was able to turn the tool back on the next day.
If you think your information may have been shared, Fox Business lists some steps recommended by Adam Levin, founder of IDT911 and Credit.com, including changing your email password as soon as possible and using different email accounts for personal or social media use and for financial accounts.