Facebook glitch exposes info of 6M users

[Locutus]

Facebook says a glitch may have exposed portions of the personal contact information, such as email addresses or phone numbers, of roughly 6 million users.


In a statement posted Friday, the social network says the bug is tied to uploading contact lists or address books, which are used in creating friend recommendations.


"Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people's contact information as part of their account on Facebook," reads a statement from Facebook Security. "As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection."


more


Facebook glitch exposes info of 6M users

 

[Sal]

meh...if they are on my friend list they are welcome to it...anyone could look most of the info up so it is no biggy...unless I am misunderstanding something here.

 

[tay]

Some people put their life history on FB and of course if they do banking or credit card purchases that makes Identity Theft simplier..............

PS: I am not on FB. and don't get why people are on it.........

 

[Locutus]

Anger mounts after Facebook's 'shadow profiles' leak in bug


Friday Facebook announced the fix of a bug it said inadvertently exposed the private information of over six million users when Facebook's previously unknown shadow profiles accidentally merged with user accounts in data history record requests.

According to Reuters, the data leak spanned a year beginning in 2012.

The personal information leaked by the bug is information that had not been given to Facebook by the users - it is data Facebook has been compiling on its users behind closed doors, without their consent.

A growing number of Facebook users are furious and demand to know who saw private information they had expressly not given to Facebook.

Facebook was accidentally combining user's shadow profiles with their Facebook profiles and spitting the merged information out in one big clump to people they 'had some connection to' who downloaded an archive of their account with Facebook's Download Your Information (DYI) tool.

According to the admissions in its blog, posted late Friday afternoon, Facebook appears to be obtaining users' offsite email address and phone numbers and attempting to match them to other accounts. It appears that the invisible collected information is then being stored in each user's 'shadow profile' that is somehow attached to accounts.

Users were clearly unaware that offsite data about them was being collected, matched to them, and stored by Facebook.

Looking at comments on Facebook's blog and community websites such as Hacker News, Facebook users are extremely angry that the phone numbers and email addresses that are not-for-sharing have been gathered and saved (and now accidentally shared) by Facebook.

Facebook stated in its post yesterday that the bug was resolved, but Facebook users are telling a different story today in the comments.

One man commented this afternoon, "I just downloaded the "extended backup" and I'm still viewing emails and phone numbers that are NOT PUBLIC!!!!"

Facebook explained in its post that the bug shared information about a user that had been scraped from a source other than the personal data the user had ever entered into Facebook about themselves.

The action of the bug is that if a user downloaded their own Facebook history, that user would also download email addresses and phone numbers of their friends that other people had in their address books, without their friends ever knowing Facebook had gathered and stored that information.

This data is being gathered by Facebook about individuals through their friends' information about them - harvested when a user grants Facebook address book or contact list access.

Facebook did not specify which app or contact database tool was utilized when collecting and matching offsite-sourced data about users.

The social network said that it was harvesting and matching the offsite-sourced data to user profiles - creating these shadow profiles - "to better create friend suggestions" for the user.

Facebook users are deftly reading between the lines. One commenter on Hacker News observed wisely,

The blog says the fix was made in the DYI tool. That means they would continue to maintain "shadow profiles", but would stop letting others know that FB has a shadow profile on you.
​

more


Anger mounts after Facebook's 'shadow profiles' leak in bug | ZDNet

all your base...

 

[IdRatherBeSkiing]

If its sensitive info in any way ... it should not be stored on facebook period. I use my junk/business e-mail as my facebook e-mail and do not provide phone number of even where I live.

 

[taxslave]

If its sensitive info in any way ... it should not be stored on facebook period. I use my junk/business e-mail as my facebook e-mail and do not provide phone number of even where I live.

I went one better and made up a Bday as well. SOme of my friends still haven't figured it out.
I use fb mostly because I am away from home a lot and it is a good way to keep in touch. Also see my grandkids on skype.

 

[Nuggler]

:-(...........All my FB info would be quite boring I'm afraid.

We change passwords often and use dice to get random numbers. Kind of like a bored game.

Seee?...............boring.

 

[darkbeaver]

subject N changes passwords often and uses dice to get random numbers--we must have his FB info---it is vital to state security-- I think we can send this intel along to headquarters---stop transmission