By Alexandra Burlacu | Jun 22, 2013 01:06 PM EDT
A Facebook security bug exposed 6 million users' contact information such as e-mail address and phone number to other users connected to them.
In other words, no less than 6 million accounts were compromised and the users' information inadvertently shared with others, the social networking company reported.
"When people update their contact lists or address books to Facebook, we try to match the data with the contact information of other people on Facebook in order to generate friend recommendations," the company explains in a blog post announcing the security bug.
"Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people's contact information as part of their account on Facebook. As a result, if a person went to download an archive of their Facebook account through or Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool."
Facebook further notes that it immediately disabled that DYI tool upon learning about the bug in order to fix the problem. The company turned the DYI back on the next day, after addressing the issue.
'We've concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared. "There were other email addresses or telephone numbers included in the downloads, but they were not connected to any Facebook users or even names of individuals. For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person."
The company assures users that no other types of personal information or sensitive financial information were exposed. According to Facebook, developers and advertisers don't have access to its DYI tool, only users do.
While security bugs are never good news, especially when it inadvertently exposes information, Facebook claims it found no evidence to suggest that this bug was exploited maliciously. The company nonetheless notified regulators in the U.S., Canada and Europe. Facebook users affected by this bug, meanwhile, will receive an email that lets them know their contact information was exposed and to how many people.
© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.