Facebook admits bug shared contact details of 6 million users

SAN FRANCISCO: The phone numbers and email addresses of some 6 million Facebook users were improperly shared due to a software bug, the social network said Friday.

But no financial or other information was disclosed to others, and there was “no evidence that this bug was maliciously exploited,” Facebook said in a security note, adding that it was “upset and embarrassed” by the issue.

Affected users were notified by email, he said, while stressing that the practical impact would likely be “minimal”, in part because inappropriate data sharing would only have occurred between users who already had a connection.

“We take people’s privacy seriously and strive to protect people’s information as best we can,” he said, but added, “Even with a strong team, no company can guarantee prevention at 100% of the bugs”.

In this case, the bug “may have allowed some of a person’s contact information by email or phone number to be accessed by people who had contact information about that person or a connection with she”.

The unwarranted sharing allegedly occurred when a Facebook user went to download an archive from their Facebook account through the social network’s Download Your Information (DYI) tool, he said.

“They may have received additional email addresses or phone numbers for their contacts or people they have a connection to,” according to the security memo.

He continued, “We concluded that approximately 6 million Facebook users had shared email addresses or phone numbers.”

“We currently have no evidence that this bug has been exploited maliciously, and we have not received any user complaints or seen any abnormal behavior on the tool or site suggesting wrongdoing.”

“While the practical impact of this bug is likely minimal since any shared email addresses or phone numbers were shared with people who already had some of that contact information anyway, or had a connection to one with others, it’s always something we’re upset and embarrassed by.” (AFP)