Pinterest Stumbleupon Whatsapp

Facebook revealed that personal details of 6 million people were recently exposed due to a data glitch. The bug was found in the method Facebook uses to manage contact lists and addresses on its network. Facebook’s algorithm processes the data so it could make accurate friend recommendations.

The unintended information was exposed through the Facebook’s Download Your Information tool. Phone numbers and email addresses, which are some of the variables used for the making friend recommendations, were accidentally included in the download made by Facebook members using the tool.

Facebook said that it was “upset and embarrassed” by the lapse. The Facebook bug was detected in a white hat operation conducted by the social network to find loopholes in its security. The bug has been fixed and furthermore, Facebook says that the security gap hasn’t been exploited by miscreants. Facebook hasn’t detected any malicious use of the data. In their own words, the “practical impact” had been small because information was most likely to have been shared with people who already knew the affected individuals. Also, there were no other personal or financial information associated with the leak. Developers and advertisers do not have access to the DYI tool.


Facebook released a security advisory – probably in a preemptive effort  – which highlighted their White Hat program that detected the anomaly. The researcher who found the bug was paid a big bounty for his efforts. The message also explained the problem in more detail and assured users about Facebook’s commitment to security.

What do you think about Facebook’s revelation? Do you welcome this voluntary disclosure?


Source: BBC

  1. Yaz C
    June 30, 2013 at 8:33 am

    While it's scary to have known that this bug exist, we shouldn't be sharing sensitive personal info on social media networks in the first place. Then again, what might be "sensitive" data for some, isn't for others.

    • Saikat Basu
      June 30, 2013 at 8:46 am

      Very true. That's in fact the first line of security. The web is so much part of our lives, that we don't realize that it's still the Wild West in some respects with many rogue elements.

  2. Omstavan Samant
    June 27, 2013 at 5:02 am

    yeah, They sent a mail to me that my data had been compromised. It said "Describing what caused the bug can get pretty technical, but we want to explain how it happened. When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. Because of the bug, the email addresses and phone numbers used to make friend recommendations and reduce the number of invitations we send were inadvertently stored in their account on Facebook, along with their uploaded contacts. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, which included their uploaded contacts, they may have been provided with additional email addresses or telephone numbers."

    • Saikat Basu
      June 27, 2013 at 12:29 pm

      Well, at least they have been proactive in this case before the embarrassment really hit them.

  3. null
    June 26, 2013 at 6:57 pm

    Do you mean it wasn't on purpose like the rest of their privacy issues? NSA and Facebook privacy is job none.

  4. Carlo Vincente
    June 25, 2013 at 11:47 pm

    I don´t care

  5. dragonmouth
    June 25, 2013 at 11:03 pm

    It seems FB has been "upset and embarrassed" a lot. Is it enough to make data security Job 1, or will pursuit of profits remain FB's main goal?

Leave a Reply

Your email address will not be published. Required fields are marked *