Facebook announced yesterday a security bug which leaked the personal information of six million of its users. On Faceook’s Security page, the site’s White Hat team explained that information used to deliver friend recommendations had been “inadvertently stored with people’s contact information as part of their account on Facebook.” Users utilizing the DYI (download your information) tool, were reportedly given access to additional contact info for friends and in some cases friends of friends. They went on to say:
We’ve concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared. There were other email addresses or telephone numbers included in the downloads, but they were not connected to any Facebook users or even names of individuals. For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person. Additionally, no other types of personal or financial information were included and only people on Facebook – not developers or advertisers – have access to the DYI tool.
Speaking to engaget.com, Facebook reported that they had immediately disabled the tool, fixed the bug and re-enabled it within 24 hours of the bug’s discovery.