Up to six million Facebook Inc (NASDAQ:FB) users’ personal e-mail addresses and phone numbers have been exposed, and not through a hack. Facebook reported late Friday afternoon that a software bug or glitch in its systems left users’ personal information exposed to people who weren’t necessarily their friends on the service. The social network has fixed the issue and is informing affected users. Facebook said in a blog post that the cause of the bug is “pretty technical” but that the problem is tied to its “Download Your Information” tool. The company uses the information that users upload to better tailor the friend suggestions it issues. The bug caused some of this information to be inadvertently stored in association with a person’s contact information as part of their Facebook account.
As a result, if someone downloaded an archive of their Facebook account through the “Download Your Information” tool, they may have been provided with additional addresses or telephone numbers for their contacts or people with whom they have some connection. Because the contact information was provided by other people on Facebook, it was not necessarily accurate.
Facebook said it has fixed the problem and is in the process of notifying affected users via email. The affected accounts represent only a fraction of the over 1 billion users on the social media site. Facebook, which is headquartered in Menlo Park, Calif., said that it has no evidence that the bug has been used maliciously and it has not received complaints.
How the Bug Attacked
With enormous active users this bug has created a huge harassment to the users. The team explained that the bug or glitch, while very technical, was a result of the feature that allows Facebook to access users’ contact lists or address books. That feature allows Facebook to suggest that you be friends with the people in your address book on the social network. It will either suggest you become their friend on the service, if they are already on it, or that you invite them to the service.
Here’s what the bug was doing: If you had uploaded your address book and you had a friend named Karen with the e-mail address mailto:firstname.lastname@example.org mailto:email@example.com, Facebook would house that information in its database. When Mark joined Facebook and put in his address book with just Karen’s firstname.lastname@example.org address, it would suggest that he become friends with Karen and maybe even you.
But with the glitch, if Mark had then used Facebook’s Download Your Information tool, he would have been given Karen’s other email address – Karen@someplace.com — even though he had never had it.
“As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection,” Facebook explained.
Facebook said that some of that information provided might have been inaccurate and believes that the six million Facebook users who had their email or telephone numbers shared with people only had it shared once. Additionally, it was likely shared with someone they knew through someone else.
“This means, in almost all cases, an email addresses or telephone number was only exposed to one person. Additionally, no other types of personal or financial information were included and only people on Facebook — not developers or advertisers — have access to the DYI tool,” the post read.
The social network said there is “no evidence” that the bug was exploited by hackers. McAfee security expert Robert Siciliano also believed that it probably wasn’t. “It’s still disturbing, however, that it happened in the first place,” Siciliano said. “Certainly, it’s good that Facebook is bringing this to the public’s attention. Facebook knows it needs to be vigilant and consumers need to be, too. “Siciliano said the chances of this affecting a person’s identity were very slim, but he said consumers should be on the lookout for fake emails from Facebook or other organizations. He also reminded users that they should change their passwords every six months. “Our information is out there and it is of value,” he said. “As long as we put it out there we have to know there are risks as a result.”
Study of the giant site
Since the revenue of the social network met a fall down by losing 9 million monthly visitors in US, 2 million in the UK, 3.34 million in Japan and 20% in Australia. It is very required for the network to come with new strategies to hike the user base. New strata’s of Facebook has been seen in these days. With it’s up gradation in its features like instragram’s video feature, photo comment feature, introduction of hashtag’s, it’s trying to target the user base and the advertisement base. Now the bug in the user’s account accessing the personal information might bring a downfall to the social network once again. More than 1.1 billion users in Facebook out of which six million faced this harassment can lead them stop using the social site or switch o other popular social networks like Twitter. All the efforts given to enhance the user base will remain vogue if these issues continue.
Here is what the apology letter from Facebook says:
Your privacy is incredibly important to everyone who works at Facebook, and we’re dedicated to protecting your information. While many of us focus our full-time jobs on preventing or fixing issues before they affect anyone, we recently fell short of our goal and a technical bug caused your telephone number or email address to be accessible by another person.
The bug was limited in scope and likely only allowed someone you already know outside of Facebook to see your email address or telephone number. That said, we let you down and we are taking this error very seriously.
Describing what caused the bug can get pretty technical, but we want to explain how it happened. When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. Because of the bug, the email addresses and phone numbers used to make friend recommendations and reduce the number of invitations we send were inadvertently stored in their account on Facebook, along with their uploaded contacts. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, which included their uploaded contacts, they may have been provided with additional email addresses or telephone numbers.
Here is your contact Information (inadvertently accessible by at most 1 Facebook user):
Mobile number: **********
We estimate that 1 Facebook user saw this additional contact info displayed next to your name in their downloaded copy of their account information. No other info about you was shown and it’s likely that anyone who saw this is not a stranger to you, even if you’re not friends on Facebook.
We recognize that mistakenly sharing contact info is unacceptable, even if you are acquainted with people who saw these details, and we’ve taken measures to prevent this from happening again. For more information on the bug, please read our blog post.
All of us at Facebook take this issue very personally. We appreciate your ongoing use of Facebook, and are working every day to deliver the level of service you expect and deserve.