The world’s largest social networking company acknowledged late Friday that a technical flaw in its system inadvertently allowed the phone numbers and email addresses of 6 million users over the past year to be accessed by unauthorized viewers.
Facebook says it worked out the bug within 24 hours of discovering it last week and has begun notifying users whose contact information was exposed.
The company wrote on its Facebook Security page that it didn’t believe that the bug had been “exploited maliciously.” It added that “we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing.”
The Associated Press via The Washington Post:
Facebook said in a blog post that the cause of the bug is “pretty technical” but that the problem is tied to its “Download Your Information” tool.
The company uses the information that users upload to better tailor the friend suggestions it issues. The bug caused some of this information to be inadvertently stored in association with a person’s contact information as part of their Facebook account.
As a result, if someone downloaded an archive of their Facebook account through the “Download Your Information” tool, they may have been provided with additional addresses or telephone numbers for their contacts or people with whom they have some connection. Because the contact information was provided by other people on Facebook, it was not necessarily accurate.