Facebook reported on Friday a bug in its system “that may have allowed some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them.”
The bug, which was reported via Facebook’s crowdsourced, White Hat security researcher program, was a part of one of Facebook’s data download tools. Facebook introduced the tool, named “Download Your Information”, allows users to do just that: It provides a history of your Facebook data since you joined the network, including Timeline data, contact information, photos and videos.
The social networking giant said about six million email addresses and telephone numbers were shared, but it noted that “no other types of personal or financial information were included and only people on Facebook — not developers or advertisers — have access to the DYI tool.” It is understood that the bug has been live since last week, but was deactivated as soon as it was reported and reviewed by the security team.
Part of the problem involved Facebook’s contacts importer tool, a way for the social giant to use your communications data to connect you with people you already know on the network. After you upload your contact data from sources like Gmail, Yahoo or other services, the bug would automatically correlate it with other contact information that exists on the network.
So for example, if you have the gmail address of “Veronica Smith” in your contacts and upload that to Facebook, it’ll match with Veronica’s Yahoo email address if in fact she has entered both on Facebook.
It’s a complicated situation, but sheds light on issues of safety related to uploading one’s address book and list of contacts to services which thrive on such personal data. Other companies like Path, Instagram, Twitter and many more also use contact importing tools such as these.
Earlier this year, Facebook was also caught up in another security scandal, after a number of employees’ laptops were infected with Malware from a third-party web site. Other tech giants, such as Facebook, Twitter, Apple and Microsoft, were also caught up in the scandal.
With reporting by Mike Isaac