Facebook bug exposes the personal details of six million users
Social networking site said they are "upset and embarrassed" by the bug which released email address and telephone numbers
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Facebook took to their security page to apologise again today, after the site admitted a bug had “inadvertently” exposed the personal information of six million users.
The site said they were “upset and embarrassed” in a blog post when their White Hat security program detected the bug after it had already affected millions of user accounts.
Although “describing what caused the bug can get pretty technical”, the company said they wanted to explain exactly what happened, to stress that “the practical impact of this bug is likely to be minimal”.
Facebook explained that anyone attempting to download archive profile information using the Download Your Information (DYI) tool may have been provided with the email or telephone numbers of people who they shared connections with on the site. The email addresses and telephone numbers of an estimated six million people affected were given out to other users “once or twice”.
“This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool," they said.
“After review and confirmation of the bug by our security team, we immediately disabled the DYI tool to fix the problem and were able to turn the tool back on the next day once we were satisfied that the problem had been fixed.”
Facebook reassured users that in “almost all cases”, each email address or telephone number was only exposed to one person. “Additionally, no other types of personal or financial information were included and only people on Facebook – not developers or advertisers – have access to the DYI tool.”
They added that they had received no information to suggest the bug was malicious or that any complaints had been made from users who had noticed “anomalous behaviour” or “wrongdoing”.
The problem has since been rectified and Facebook have made regulators in the US, Canada and Europe aware. They are now in the process of notifying those affected.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments