Facebook revealed that personal details of 6 million people were recently exposed due to a data glitch. The bug was found in the method Facebook uses to manage contact lists and addresses on its network. Facebook’s algorithm processes this data so that it can make accurate friend recommendations.
The unintended information was exposed through Facebook’s Download Your Information (DYI) tool. Phone numbers and email addresses, which are some of the variables used for making friend recommendations, were accidentally included in the downloads made by Facebook members using the tool.
Facebook said that it was “upset and embarrassed” by the lapse. The Facebook bug was detected in a white hat operation conducted by the social network to find loopholes in its security. The bug has been fixed, and Facebook says that the security gap hasn’t been exploited by miscreants. Facebook hasn’t detected any malicious use of the data. In its own words, the “practical impact” had been small because information was most likely to have been shared with people who already knew the affected individuals. Also, there was no other personal or financial information associated with the leak. Developers and advertisers do not have access to the DYI tool.
Facebook released a security advisory – probably in a preemptive effort – which highlighted their White Hat program that detected the anomaly. The researcher who found the bug was paid a big bounty for his efforts. The message also explained the problem in more detail and assured users about Facebook’s commitment to security.
What do you think about Facebook’s revelation? Do you welcome this voluntary disclosure?