HTC First

Approximately 6 million users affected; no evidence of malicious exploits of the bug

Facebook's security team made a post today to let users know of a bug, since discovered and fixed, that revealed some users' contact information to "friends" they did not intend to share it with. The bug, which was pointed out to Facebook's White Hat Program by an independent entity, involved the combination of users uploading their contact lists to find connections on Facebook and the service's Download Your Information (DYI) tool. When users upload their contact lists to the site, Facebook analyzes them to recommend friends the users do not already have connections with, matching up phone numbers and email addresses to keep from offering duplicate contacts. During this analysis, Facebook inadvertently stored this personal information with users' profiles, allowing it to then be given to other users who downloaded their data with the DYI tool.

The end result, Facebook says, is that approximately 6 million Facebook users possibly had their phone numbers or email addresses made available to people who used the DYI tool to download their own (and therefore their friends' publicly available) Facebook data. For the vast majority of the users who had their data inappropriately shared, Facebook claims each individual address or number was only downloaded with the DYI tool once or twice. No other types of personal information were made available, and the DYI tool was not used by developers or advertisers, just individual users.

Facebook also claims that it is not aware of any malicious or focused attacks that took advantage of this bug while it existed. For the short term, Facebook disabled its DYI data export tool until the bug was fixed, turning it back on the next day to resume normal activity. This was a fluke accident that was luckily not exploited further, but now may be a good time to go ahead and check your Facebook privacy settings to make sure you're not also inadvertently sharing anything else.

Source: Facebook


Reader comments

Facebook bug improperly revealed some personal information to 'friends'


Every time I see your HTC First, I want one, it looks nice.

Posted via Droid RAZR M on the Android Central App

Not really sure how this article is relevant to Android, in fact, I didn't see Android, Google or any of the Android OEMs mentioned even once.

It could be because Facebook has a billion users, a very large number of which are on Android. And the Facebook app is one of the most installed apps in the Play Store. Oh, and Facebook sells a phone that uses Android as its operating system.

No, it's news because Facebook has 665 million daily active users, and more than a few of them use Android, and privacy is kind of a big fat hairy deal.

And I wish clicks on AC equaled money in my pocket, but that's simply not the case. I get paid the same no matter how much more our traffic goes up. Same for everyone else here. I should really restructure my contract. lol

It certainly is a big deal, and it's nice that a site this big will report on it to keep the masses informed.

I also wasn't referring to you or Andrew specifically, as I believe you have as much journalistic integrity as I'm allowed to assess considering I am not even the slightest bit knowledgeable on the subject, but there are people involved with your parent company who aren't tied to simply a salary, and I bet they would take notice if you listened to the OP on this string of comments when deciding what and what not to publish.

They should provide a free service to give us a back up copy for free since they used our tax dollars to do it, in case we ever need a copy. Texted a picture of my middle finger and "NSA" hope they appreciate it

Seems like AC is quickly turning into Yahoo news. Now if we could just get some racist and/or homophobic comments it would be even closer.


Seriously, it's sad that I live in the US and have to go to news agencies from other countries to get most of my news about the US that is unbiased and also not corporately censored.

Does anybody have a problem with Facebook running in the background at all times? I'll turn off everything and I'll still see the battery usage all the way up. How can I change this besides removing the app from my phone?

You are so right, so glad I deleted my account in 2010. Never looked back on that idiotic "social" network. Go and live a little and stop sharing all your lives, nobody cares anyway.

Thank you guys for posting stuff like this. It's on topic enough, and important enough for me to know and I likely would have otherwise missed it as I don't frequent other websites.

I love it when people put "private" material on "social" media.

Posted from my Nexus 4 via Android Central App