
June 24, 2013

Facebook Bug Exposes Contact Information of 6M Users

A bug in Facebook’s system resulted in the contact information of six million users being compromised, the social network has revealed.

The bug allowed users’ e-mail addresses and phone numbers to be accessed by other Facebook members who either had a connection to the person or already had at least some of that person’s contact information.

“Even with a strong team, no company can ensure 100 percent prevention of bugs, and in rare cases we don’t discover a problem until it has already affected a person’s account,” Facebook said in a blog post.

“For almost all of the e-mail addresses or telephone numbers impacted, each individual e-mail address or telephone number was only included in a download once or twice. This means, in almost all cases, an e-mail address or telephone number was only exposed to one person. Additionally, no other types of personal or financial information were included and only people on Facebook – not developers or advertisers – have access to the DYI tool.”

The social media site said there is no evidence that the bug was used for malicious reasons.

Facebook said although the cause of the bug is “pretty technical,” it is linked to the network’s Download Your Information (DYI) tool.

The bug affected some of the information Facebook uses to make friend recommendations and, as a result, that information was accidentally stored “in association with people’s contact information as part of their account on Facebook.”

This means, in some cases, a person who downloaded an archive of their Facebook account through the DYI tool was provided with additional e-mail addresses or telephone numbers for their contacts or for those with whom they have a remote connection.

“This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool,” Facebook said.

The social network said the problem has been fixed and that it is contacting all affected users via e-mail.

“Although the practical impact of this bug is likely to be minimal since any e-mail address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it’s still something we’re upset and embarrassed by, and we’ll work doubly hard to make sure nothing like this happens again,” Facebook said in its blog post.

“Your trust is the most important asset we have, and we are committed to improving our safety procedures and keeping your information safe and secure.”