Site   Web

July 4, 2013

Facebook Collecting Data for ‘Shadow Profiles’

Before last week’s Facebook faux pas, chances are you’d never heard of a “shadow profile.”

But the term is becoming more prevalent as users become more aware that private information may not always be private.

As reported on SiteProNews last week, a bug in Facebook’s system resulted in the contact information of six millions users being compromised. Users’ e-mail addresses and phone numbers were briefly accessible to other Facebook members as a result of the security slip-up, but Facebook vowed that, in most cases, people’s personal information didn’t make it far and added that there was no evidence to indicate that the bug was used for malicious purposes.

For almost all of the e-mail addresses or telephone numbers impacted, each individual e-mail address or telephone number was only included in a download once or twice. This means, in almost all cases, an e-mail address or telephone number was only exposed to one person. Additionally, no other types of personal or financial information were included and only people on Facebook — not developers or advertisers — have access to the DYI tool,” Facebook said in a statement.

However, new information about the leak reveals that even people without a Facebook account may have been victims.

Yahoo News reports that “Facebook Shadow Profiles” are becoming a growing concern when it comes to private information being compromised.

Shadow profiles occur when the Facebook ‘Find Friends’ feature is utilized on mobile. Searching for Facebook users via their cellphone numbers and e-mail addresses is a great way to find friends, but it’s also a way for Facebook to gather and store personal information from millions of people — even from those who don’t have a Facebook profile.

The information is collected and stored via a shadow profile that’s ultimately stored in a huge Facebook data bank.

Where this gets tricky is when Facebook has a mishap like it did last week.

As Yahoo reports, “the bug at the heart of this controversy has been accidentally combining users shadow profiles with their real profiles, so when someone used Facebook’s ‘Download Your Information’ tool, it would include information that some Facebook users had not provided to the network.”

While Facebook has denied in the past that it keeps personal information of non-users, ZDNet reports the social network has been quoted as saying it’s “harvesting and matching offsite-sourced data to user profiles — creating these shadow profiles — ‘to better create friend suggestions’ for the user.”

After the leak, Facebook attempted to appease users’ concerns, saying the incident would have minimal effect.

Although the practical impact of this bug is likely to be minimal since any e-mail address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it’s still something we’re upset and embarrassed by, and we’ll work doubly hard to make sure nothing like this happens again,” Facebook said in its blog post.