We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,639 News Articles

Facebook security bug exposes 6 million users' contact info

Facebook users, keep an eye on your email: the social network plans to send out security alerts to those whose information was exposed.

Facebook accidentally exposed 6 million users' contact information. Watch out for an email alert from the network to find out if you were affected by an apparent security bug.

The bug allowed the emails and phone numbers of some 6 million users to be accessed by contacts or friends of friends as part of the site's friend recommendation algorithm, the social network's security team said Friday.

If you upload your contacts or address book to Facebook in order to find friends, Facebook uses that information to determine if your friends are already on the network or if you should invite them to join. That contact information may have been included in account archive information that users can download. In other words, people who have some connection to you may have been able to view your contact information when they downloaded their archive. Facebook said it disabled the Download Your Information tool, fixed it, and turned it back on within a day.

Facebook's security team said each affected user's information was downloaded just once or twice, which is a small consolation. The company also noted that no financial information was included and only Facebook users have access to the download tool (so information was probably not sold to advertisers).

"Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again," Facebook said in its Friday announcement.

This isn't the first time Facebook users' personal information has been exposed. Facebook in 2011 introduced a White Hat bug bounty program, where security experts can file reports about bugs and collect rewards. This most recent bug was discovered by one such researcher.


IDG UK Sites

Nokia replaces budget Lumia 520 with 530: Release date, price and specs

IDG UK Sites

Everything you need to know about Apple's iPhone Camera in iOS 8

IDG UK Sites

Why you shouldn't trust password managers

IDG UK Sites

How to make an 'Apple iWatch' using an iPod nano and a 3D printer