Facebook exploit reveals six million identities

Facebook security has always been a concern. A few years ago, a flaw allowed you to see your friends’ private chat messages, and last month there was a report of malware that attacks an individual’s machine with the intent of accessing their Facebook page. With over a billion users sharing private data, the platform is a prime target for attacks, and the company must constantly be on the lookout for security flaws in it.
Now a new bug has been reported. Although the bug has already been fixed, the company reports that it exposed the email addresses and phone numbers of six million Facebook users. The company skips the technical description, stating that it “can get pretty technical,” but does explain how the bug was exploited. In essence, Facebook has code that adds intelligence when users upload their contact information to find more Facebook friends. If an uploaded email address already belongs to a Facebook member, for example, that person should be suggested as a friend rather than invited to join Facebook. Unfortunately, this information was accidentally being stored in an area that was accessible via the “Download Your Information” (DYI) tool when it wasn’t supposed to be.
Facebook is downplaying the severity of the bug, saying that while there were six million leaks, most of the data was only downloaded once or twice and that there doesn’t appear to be any malicious intent. In addition, the data wasn’t accessible to corporations and advertisers, although we can’t be sure that an advertiser wasn’t one of the people who downloaded the data.
The company has paid a “bug bounty” to the person who revealed this flaw.
via Facebook exploit reveals six million identities – Neowin.