For nearly a year, a bug in Facebook’s (NASDAQ:FB) friend recommendation system has displayed the contact information of about six million users to others. Although Facebook says that there is no evidence of malicious use of the information, the bug was discovered only 24 hours ago so testing is still ongoing.
The bug revolves around the Facebook feature that matches contact information for people you know against the information in Facebook user accounts, for example when Facebook looks into your email address book and attempts to find matches. Someone using the Download Your Information tool could find email addresses and phone numbers for people they have a connection with but are not necessarily friends with.
This bug was possible because information used for the friend recommendation feature was saved in data archives, according to Facebook’s official blog. Facebook explained, “if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection.”
Facebook was quick to point out that although the bug affected six million users, it was not as devastating as it could have been. “For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person. Additionally, no other types of personal or financial information were included and only people on Facebook – not developers or advertisers – have access to the DYI tool.”
Still, the security flaw is not likely to make users any less wary of Facebook’s privacy practices, especially after its recent developments with surveillance data due to the NSA leak. Facebook later wrote, “Your trust is the most important asset we have, and we are committed to improving our safety procedures and keeping your information safe and secure.”
While the newest issue for Facebook doesn’t appear to be as damaging as it potentially could have been, it’s yet another blight on Facebook’s recent track record.