Facebook reports security breach

June 26, 2013

Facebook has been subject to a data breach that could have put the personal details of millions of users under threat.

In an official post, the website revealed that it had been notified through its White Hat program of a bug that could have enabled people to access the contact information of others.

Email addresses and phone numbers were most at risk, with Facebook revealing that up to six million of its users could have been affected.

The social networking site matches data stored in contact lists or address books with the information of other people to create friend recommendations.

This latest bug meant that some of the data used to make these recommendations was inadvertently stored "in association with people’s contact information as part of their account on Facebook".

If a person therefore went to download an archive of their Facebook account using the Download Your Information (DYI) tool, they may have been given additional email addresses or contacts for people they might have some connection with.

In order to improve mobile application security and the safety of its website in general, Facebook promptly disabled the DYI tool and switched it back on again once the issue had been dealt with.

The public has been assured that developers and advertisers do not have any access to the DYI tool and that no other type of personal or financial information was affected by the bug.

"We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behaviour on the tool or site to suggest wrongdoing," the official post stated.

It said that in reality, the practical impact of the bug is likely to be restricted because the email addresses and phone numbers that were shared were given to people who already had some of the contact information anyway.

However, Facebook explained that it is "upset and embarrassed" by this latest development, assuring users that it will "work doubly hard to make sure nothing like this happens again".

Affected users will be contacted via email and regulators all over the world have been informed of the breach.

Facebook collaborates with external security researchers to ensure that information is kept as secure as it can be.

It was a member of this team that provided the report into this particular bug and he has received a "bug bounty" for his efforts.
