Facebook Bug Exposes Contact Info of 6M Users

Facebook says it has fixed a glitch that may have exposed the email addresses and phone numbers of about 6 million users to other Facebook members. The bug involved the Download Your Information tool that allows people to upload their address books, and specifically the way Facebook used it to generate friend recommendations. TechCrunch reports that the bug had been live since last year, until Facebook's crowd-sourced White Hat program brought attention to it.

• Says Facebook: "We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing," the company says in a blog post. "Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again."

• Be wary: This particular glitch may not be especially heinous, but it "sheds light on issues of safety related to uploading one’s address book and list of contacts to services which thrive on such personal data," writes Kara Swisher at AllThingsD. "Other companies like Path, Instagram, Twitter and many more also use contact importing tools such as these."
• Another Friday announcement? Security expert Graham Cluley is ticked that Facebook once again decided to inform the world of a glitch late on a Friday afternoon. "It’s called damage limitation," he writes. "For the Facebook brand, at least. It’s not called doing your level best to get the issue reported to as wide an audience as possible."

(More Facebook stories.)