HTC First

Approximately 6 million users affected; no evidence of malicious exploits of the bug

Facebook's security team made a post today to let users know of a bug, since discovered and fixed, that revealed some users' contact information to "friends" they did not intend to share it with. The bug, which was pointed out to Facebook's White Hat Program by an independent entity, involved the combination of users uploading their contact lists to find connections on Facebook and the service's Download Your Information (DYI) tool. When users upload their contact lists to the site, Facebook analyzes them to recommend friends they are not already connected with, matching up phone numbers and email addresses to keep from offering duplicate contacts. During this analysis, Facebook inadvertently stored this personal information with users' profiles, allowing it to then be given to other users who downloaded their data with the DYI tool.

The end result, Facebook says, is that approximately 6 million Facebook users possibly had their phone numbers or email addresses made available to people who used the DYI tool to download their own (and therefore their friends' publicly available) Facebook data. For the vast majority of the users who had their data inappropriately shared, Facebook claims each individual address or number was only downloaded with the DYI tool once or twice. No other types of personal information were made available, and the DYI tool was not used by developers or advertisers, just individual users.

Facebook also claims that it is not aware of any malicious or focused attacks that took advantage of this bug while it existed. For the short term, Facebook disabled its DYI data export tool until the bug was fixed, turning it on the next day to resume normal activity. This was a fluke accident that was luckily not exploited further, but now may be a good time to go ahead and check your Facebook privacy settings to make sure you're not also inadvertently sharing anything else.

Source: Facebook

There are 29 comments

cgardnervt says:

I got the email.

richardpandy says:

Same here but my phone # is publicly available on the internet since I run a small business, heh.

Cl3ms says:

Me too...

A895 says:

Every time I see your HTC First, I want one, it looks nice.

Posted via Droid RAZR M on the Android Central App

ChrisM0678 says:

Not really sure how this article is relevant to Android, in fact, I didn't see Android, Google or any of the Android OEMs mentioned even once.

It could be because Facebook has a billion users, a very large number of which are on Android. And the Facebook app is one of the most installed apps in the Play Store. Oh, and Facebook sells a phone that uses Android as its operating system.

cole2kb says:

Because people will click on it and clicks for AC equals money in their pocket.

No, it's news because Facebook has 665 million daily active users, and more than a few of them use Android, and privacy is kind of a big fat hairy deal.

And I wish clicks on AC equaled money in my pocket, but that's simply not the case. I get paid the same no matter how much more our traffic goes up. Same for everyone else here. I should really restructure my contract. lol

cole2kb says:

It certainly is a big deal, and it's nice that a site this big will report on it to keep the masses informed.

I also wasn't referring to you or Andrew specifically, as I believe you have as much journalistic integrity as I'm allowed to assess considering I am not even the slightest bit knowledgeable on the subject, but there are people involved with your parent company who aren't tied to simply a salary, and I bet they would take notice if you listened to the OP on this string of comments when deciding what and what not to publish.

l00natic71 says:

It's ok, the govt already has a backup of all my info.

mwara244 says:

They should provide a free service to give us a backup copy for free since they used our tax dollars to do it, in case we ever need a copy. Texted a picture of my middle finger and "NSA", hope they appreciate it.

return_0 says:

That's what ya get for using Facebook! ;)

Posted via Android Central App

ab304945 says:

I don't have any personal info on Facebook.

Posted via Android Central App

blankit says:

That's why I don't use Facebook

Posted via Android Central App

Clak says:

Seems like AC is quickly turning into Yahoo news. Now if we could just get some racist and/or homophobic comments it would be even closer.

Seems like it was only yesterday that we covered a half-dozen devices in London.

Oh, wait. It was yesterday.

mwara244 says:


Seriously, it's sad that I live in the US and have to go to news agencies from other countries to get most of my news about the US that is unbiased and also not corporately censored.

Deegan says:

Yah burnt!

AnthonyRyan says:

Does anybody have a problem with Facebook running in the background at all times? I'll turn off everything and I'll still see the battery usage all the way up. How can I change this besides removing the app from my phone?

You can try turning off some notifications and turning down or off the sync interval in the settings.

AnthonyRyan says:

I do that all the time. I turn all of those things off and it's still the same with the battery issues.

balthuszar says:

I'm getting an in-app notification of an update on my Facebook app... any ideas what this is?

Evoken says:

Oh glad I deleted my account months ago. Facebook, go home.

Fiend2013 says:

You are so right, so glad I deleted my account in 2010. Never looked back on that idiotic "social" network. Go and live a little and stop sharing all your lives, nobody cares anyway.

Voliam says:

Sounds like the NSA just "friended" 6 million people.

tshepomk says:

I don't use the Facebook app, but I use Friendcaster.

Posted via Android Central App

ACADM says:

I'm sure the NSA knew about this ages ago and exploited the living daylights out of it.

misterfan says:

Thank you guys for posting stuff like this. It's on topic enough, and important enough for me to know and I likely would have otherwise missed it as I don't frequent other websites.

artlu629 says:

I love it when people put "private" material on "social" media.

Posted from my Nexus 4 via Android Central App