Facebook has officially apologised for a bug in its system that accidentally exposed the contact information of 6 million users. According to the company, on Friday a bug was encountered that resulted in contact information, such as email addresses or phone numbers, being accessed by other users who either had some contact information about that user or some mutual connection with them.

In a note released by Facebook Security yesterday, the company said that the cause of the problem is “pretty technical” and lies in its "Download Your Information" tool. The Download Your Information tool, as the name suggests, allows users to access and save a copy of their personal account archive. This archive includes pictures and posts which may contain connections to or mentions of other users who are mutual friends. Facebook has always used the additional information that users upload on the site to streamline the friend suggestions that it provides for users.

And that is where the bug comes in. While tailoring personal data, the bug shifted some of the personal information such that it was accidentally stored in the affected user’s contact information, as part of their Facebook account.

Thus, if someone were to use Download Your Information to get a copy of their account archive, they may have been provided with additional e-mail addresses or telephone numbers for their contacts, or for people that they have some form of connection with on the social networking site. And that is only part of the problem. Because the contact information was provided by other people on Facebook, the accuracy of the information can be questioned.

While the 6 million users who were affected by this represent a fraction of the 1 billion users that Facebook boasts, it is still a security flaw that has the potential to scare away prospective users. Facebook has said that there seemed to be no malicious intent behind the bug, and that it has fixed the problem and will soon inform all affected users via email.

Ironically, the bug was found not by Facebook's security team, but by someone who was taking part in Facebook's "White Hat" hacker programme, which offers a bounty to anyone who can find bugs on the site, paying a minimum reward of $500 per bug. The bounty is awarded "based on [the bug's] severity and creativity," according to Facebook's White Hat page.