A Facebook bug may have compromised the contact information of six million users, according to the social networking site. The bug has since been repaired.
The problem happened in the site’s Download Your Information tool, which allows users to export data from their profiles, including posts to their timeline and conversations with their friends.
While the number of users impacted was large, the spread of their contact information was actually limited. Phone numbers and email addresses were not exposed to developers or posted publicly. Instead, they were only shown to people who had a tentative connection with the users.
Facebook’s security team announced the bug in a post, explaining:
“For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice.”
There was no evidence that the Facebook bug was “exploited maliciously.” There have also been no complaints related to the problem. The issue was first discovered by a third party researcher, who used Facebook’s White Hat program to make the company aware of the bug.
The White Hat program is set up so that security researchers and others can report vulnerabilities they find on the network. They can receive a $500 reward or more for their report. The security team added:
“Your trust is the most important asset we have, and we are committed to improving our safety procedures and keeping your information safe and secure.”
Along with fixing the bug, Facebook is currently in the process of informing affected users through email. The affected accounts were only a fraction of the social network’s more than one billion users around the world. There is no word on whether the bug affected a specific country, or if affected users are located around the world.
Do you use Facebook’s Download Your Information tool? If so, you may have been affected by the bug.