Cookie consent

We use cookies to improve your experience on this website. By continuing to browse our site you agree to our use of cookies. Tell me more | Cookie preferences

Facebook bug exposes some contact information

The bug, which has been repaired, was part of Facebook's Download Your Information tool.

Story highlights

  • Facebook found and fixed a bug that compromised the contact information of 6M users
  • The exposure of e-mail addresses and phone number appears to be very limited
  • A third-party security researcher found and reported the bug

A newly discovered Facebook bug may have inadvertently compromised the contact information of 6 million users, the company says.

The bug, which has since been repaired, was part of the Download Your Information tool, which lets Facebook users export all the data from profiles, such as posts to their timeline and conversations with friends. People using the tool may have downloaded inadvertently the contact information for people they were somehow connected to.

Some people upload their contact lists or address books to Facebook, which the company then uses to suggest new friends they can connect with who are already using the service.

Though the number of people impacted is sizable, the actual spread of their contact information appears to be limited. The phone numbers and e-mail addresses were not exposed to developers or posted publicly. It is only shown to people they had at least a tentative connection with, and who may have already had their contact information. Even in that pool, it was only exposed to people who had used the data-exporting tool.

"For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person," Facebook's security team said in a post.

    Just Watched

    Internet expert: Double security efforts

Internet expert: Double security efforts 03:36

    Just Watched

    How's Facebook doing after IPO?

How's Facebook doing after IPO? 03:08

    Just Watched

    Mobile ads boost Facebook revenue

Mobile ads boost Facebook revenue 07:00

The company says it has no evidence that the bug was "exploited maliciously" and that there have been no complaints so far.

    The social media company announced the bug on Friday afternoon. The issue was discovered by a third-party security researcher who submitted it through Facebook's White Hat program.

    Facebook's White Hat program is set up so that people such as security researchers can report any vulnerabilities they find on the social network and get a reward for $500 and up in return. These types of programs are common at Internet companies.

    "Your trust is the most important asset we have, and we are committed to improving our safety procedures and keeping your information safe and secure," read the post.

    People who were affected by the bug will receive an e-mail from Facebook.