Facebook security breach exposed personal data for six million users

Facebook has admitted to a security breach which exposed details such as emails and phone numbers for six million site users.

The “bug” was found by a researcher working for the social network’s White Hat program, where security researchers are paid “bug bounties” of $500 and up for finding bugs.

“We recently received a report to our White Hat program regarding a bug that may have allowed some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them,” Facebook said in a blog post.

In its blog post, the company admitted that it was “upset and embarrassed”. The bug allowed people to see information such as email addresses and phone numbers for either contacts or people with whom they had some connection on the network.

Facebook says that it has “no evidence” that the bug was used maliciously, nor any evidence of “anomalous behavior on the tool or site to suggest wrongdoing”.

“When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations,” the company said. “Because of the bug, some of the information used to make friend recommendations was inadvertently stored in association with people’s contact information as part of their account on Facebook. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection.”

Facebook engineers immediately disabled the tool and restored it within 24 hours.

ESET’s security experts offer tips for sharing information safely on networks such as Facebook here.
