SAM Daily Times

Facebook bug exposes some contact information

A newly discovered Facebook bug may have inadvertently compromised the contact information of 6 million users. The bug, which has since been repaired, was part of the Download Your Information tool, which lets Facebook users export all the data from profiles, such as posts to their timeline and conversations with friends. People using the tool may have downloaded inadvertently the contact information for people they were somehow connected to. 

Some people upload their contact lists or address books to Facebook, which the company then uses to suggest new friends they can connect with who are already using the service. Though the number of people impacted is sizable, the actual spread of their contact information appears to be limited. The phone numbers and e-mail addresses were not exposed to developers or posted publicly. It is only shown to people they had at least a tentative connection with, and who may have already had their contact information. Even in that pool, it was only exposed to people who had used the data-exporting tool. 

"For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person," Facebook's security team said in a post. The company says it has no evidence that the bug was "exploited maliciously" and that there have been no complaints so far. 

The social media company announced the bug on Friday afternoon. The issue was discovered by a third-party security researcher who submitted it through Facebook's White Hat program.

cnn.com