Facebook needs to pull it together. One day after successfully contributing to the demise of Vine (by way of Instagram’s new 15-second video feature), the company admitted that personal information from six million of its users had been exposed.
A glitch in the company’s security system revealed the email addresses and phone numbers of millions of people, starting back in 2012. Facebook learned of the breach last week and fixed the problem within 24 hours, but didn’t announce the news until earlier today (June 21).
We recently received a report to our White Hat program regarding a bug that may have allowed some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them.
Describing what caused the bug can get pretty technical, but we want to explain how it happened. When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. For example, we don’t want to recommend that people invite contacts to join Facebook if those contacts are already on Facebook; instead, we want to recommend that they invite those contacts to be their friends on Facebook.
Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool.
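A simplified model of the bug class described in the statement above, added here as an illustration and not Facebook's code: the class, function names and sample contacts are constructed assumptions. It puts an export that returns the merged match data next to one scoped to what the requesting user uploaded, plus a check that flags the difference.

```python
class ContactStore:
    """Toy contact-import service (hypothetical names, constructed data)."""

    def __init__(self):
        self.uploads = {}  # uploader -> {contact name: identifiers they supplied}
        self.linked = {}   # identifier -> all identifiers matched to the same person

    def upload(self, uploader, name, identifiers):
        ids = set(identifiers)
        self.uploads.setdefault(uploader, {})[name] = ids
        # Matching step: identifiers seen together in any upload are linked,
        # which is what lets the service recognise an existing member.
        group = set(ids)
        for i in ids:
            group |= self.linked.get(i, set())
        for i in group:
            self.linked[i] = group

    def export_leaky(self, uploader):
        # Flawed export: returns the merged match data, so it includes
        # identifiers that other uploaders supplied for the same person.
        out = {}
        for name, ids in self.uploads.get(uploader, {}).items():
            merged = set()
            for i in ids:
                merged |= self.linked[i]
            out[name] = sorted(merged)
        return out

    def export_scoped(self, uploader):
        # Corrected export: only what this uploader provided themselves.
        return {n: sorted(ids) for n, ids in self.uploads.get(uploader, {}).items()}


def over_disclosed(store, uploader):
    """Regression check: identifiers in an export the requester never supplied."""
    own = store.export_scoped(uploader)
    found = {}
    for name, ids in store.export_leaky(uploader).items():
        extra = sorted(set(ids) - set(own[name]))
        if extra:
            found[name] = extra
    return found


def demo():
    store = ContactStore()
    store.upload("alice", "Carol", ["carol@example.com"])
    store.upload("bob", "Carol W.", ["carol@example.com", "+1-555-0100"])
    return store
```
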
The social networking site doesn’t believe the incident to be “malicious,” but remains “upset and embarrassed” by the bug. “We’ll work doubly hard to make sure nothing like this happens again,” Facebook added.
Facebook was recently named as one of the companies handing over user information to the NSA in anti-terrorism efforts, and has denied any involvement in the action.