Facebook has confirmed on its website that it failed to detect a bug that exposed the contact details of as many as 6 million users of the social networking website. According to a post on the Facebook Security page, the company did not detect the data breach itself and was informed about it by external security researchers via its White Hat program.
We understand that contact data comprising email IDs and phone numbers was leaked to people who had some connection with the affected users. The company has stressed that the details were not exposed to unknown people, but only to those who already had some information about the affected person. It has blamed faults in the DYI tool for the privacy violation.
The DYI, or Download Your Information, tool allows users to save an archive of their Facebook account locally. It was while downloading this archive that users received contact details of their friends or of people who connect with them on the SNS. This happened because the company matches data from various profiles in order to generate friend recommendations and invitations to join the network. A bug caused this information to be saved with other subscribers’ account particulars, and they ended up downloading it along with their own archive.
All of these email IDs and phone numbers were provided by people using the web portal, and there are chances that they may not be completely accurate. It has also been revealed that the exposed information appeared in only one or two downloads, which means that a person’s particulars were not disclosed to more than a couple of Facebook users. The Menlo Park company disabled the DYI tool as soon as it learnt about the bug and fixed it before enabling it again.
Facebook users can rest assured that their financial or any other type of details weren’t exposed, and the SNS claims it has not received any reports of the bug being exploited. It should also be noted that no particulars were shared with advertisers or developers. The website is in the process of informing affected people about the breach via email.