A Facebook security bug accidentally exposed the contact information of up to 6 million users to other users who were connected to them, reports TechCrunch.
According to a statement by the social website’s security team, Facebook uses the contact information of its users to generate friend recommendations. The bug made some of that private contact information, like e-mail addresses and phone numbers, available for others to download.
“Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook,” the statement said. “As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection.”
Worse, the bug has apparently been present since last year, though the Facebook security team fixed it as soon as it was brought to their attention. On the upside, the company said that a user’s contact information was downloaded only once or twice, exposing that information to as few as one person. The bug was also not “exploited maliciously.”
“For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice,” the security team said. “This means, in almost all cases, an email address or telephone number was only exposed to one person.”
Facebook is currently in the process of reaching out to the affected users.