Facebook said it makes the issue of privacy an important one and continuously discusses the need for people to stay on top of their privacy settings. That said, the site is once more under scrutiny for a a data leak. Facebook is not new to controversy surrounding issues of privacy with users’ personal information and an announcement of a new bug doesn’t do much to help ease people’s concerns about how well the company is protecting the data people upload.
Unfortunately, Facebook recently released a statement that said even though they strive to avoid issues, they can’t ensure 100 percent effectiveness.
Facebook’s White Hate Program, which works in collaboration with external researchers to reduce the number of security vulnerabilities on the company’s website, received a report of a bug allowing people’s contact information, email addresses and phone numbers, to be accessed by either people who were friends with a user or through a shared connection.
Facebook didn’t publicly acknowledge the flaw until days after it was brought to the company’s attention, and the delay was because of company procedure that said affected users had to be notified because a public announcement was made.
This Facebook bug may have exposed the information of approximately six million users.
What happened with the bug?
Facebook said that the bug happened because when people upload their contact information, the site attempts to match the data with other people to generate friend recommendations. The glitch caused some of the information to be inadvertently stored in association with users’ regular account data. Therefore, if people downloaded a Facebook account archive through the Download Your Information (DYI) tool, additional email addresses or phone numbers may have been given out for their contacts or people they have a connection to.
As a result, Facebook temporarily disabled the DYI tool and fixed the problem. The company was able to turn the tool back on once they were satisfied the bug was fixed the company claimed.
The company has no evidence of cyber criminals launching a malicious attack and have not had any user complaints of strange behavior or requiring a system restore software. That said, “it’s still something we’re upset and embarrassed by, and we’ll work doubly hard to make sure nothing like this happens again,” Facebook stated.
The bug has been live since last year and was the result of a data mismanagement leak.