Facebook User Data Exposed by Security Bug

Facebook says six million of its users have had their personal data exposed. The issue stems from a security bug that allowed email addresses and phone numbers to be easily accessed by a user's Facebook 'friends'.

The problem is associated with Facebook's friend recommendation algorithm, which is designed to help users find old friends, family, and contacts and establish new relationships with them.

Facebook uses uploaded personal data, including email addresses and contact lists, to find new 'friends'. This system can also be used to invite friends who are not yet Facebook members to join the social networking site.

Friend-Finding Tool Disabled, Fixed, Placed Back Online

According to reports, for about six million Facebook users the phone numbers and email addresses used in this process were exposed. (Source: techhive.com)

Reports indicate the pertinent data may have been exposed for an entire year before the social networking firm was alerted to the problem.

Facebook says it went about addressing the issue by disabling the 'Download Your Information' tool. Within a day the tool had been fixed and placed back online.

The social networking firm says it has "no evidence that this bug has been exploited maliciously," and that the firm has not received any "complaints from users ... to suggest wrongdoing." Facebook also said it doesn't believe anyone's financial information was affected.

Still, Facebook's security team is notifying regulators in North America and Europe about the issue. The firm also says it's emailing every member who may have been affected by the bug.

Facebook Promises to Work "Doubly Hard" to Protect Users

Facebook attempted to calm alarmed users with this statement, which it released on Friday:

"Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again."

Interestingly, the security bug was originally discovered by a security researcher participating in Facebook's White Hat security program.

"We appreciate the security researcher's report to our White Hat program, and have paid out a bug bounty to thank him for his efforts," Facebook said. (Source: facebook.com)