Facebook bug exposes personal information of 6M users

Posted:
in General Discussion edited January 2014
A Facebook security bug that has been in existence since last year was discovered this week, but only after the contact information of six million users had been exposed.

Facebook


Facebook acknowledged the bug's existence in a blog post on Friday, saying the error has existed on its servers since last year and has so far affected six million accounts, reports TechCrunch.

The bug, found by independent researchers through the company's White Hat program, exposes the personal contact information of certain accounts. According to the report, email addresses and phone numbers could be viewed by people who had "had some contact information about that person or some connection to them."

According to the company, the bug relates to the social network's friend discovery process.

When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. For example, we don?t want to recommend that people invite contacts to join Facebook if those contacts are already on Facebook; instead, we want to recommend that they invite those contacts to be their friends on Facebook.
The bug caused some of the data used to connect with friends to be stored alongside a person's contact information. By using the Download Your Information tool, people were granted access to a user's private email addresses and phone numbers that would otherwise be hidden.

The DYI tool has since been deactivated as Facebook flushes the bug from its system.
«1

Comments

  • Reply 1 of 23
    robmrobm Posts: 1,068member
    Way to go FB !
    How anybody can trust these people with any info is beyond me.

    I dunno, the whole idea of being a "friend" in the cyber sense is a little weird. :D
  • Reply 2 of 23
    droidftwdroidftw Posts: 1,009member
    Facebook Privacy, an oxymoron if ever there was one.
  • Reply 3 of 23
    radjinradjin Posts: 165member
    No one should be allowed to upload their contacts. Did they ask those contacts if they wanted their address and phone numbers sent to FaceBook?
  • Reply 4 of 23
    nick29nick29 Posts: 111member
    "as Facebook flushes the bug from its system" haha. Something tells me that in the future there will be more and more of these "bugs", planted by private individuals, the government or Facebook itself. I'm on the verge of dumping this FB once I find a better way to stay in touch with friends abroad (probably just email). I only use FB it to reply to messages that were sent to me, which is very rare, given that they are mining all of my data.

    BTW does anyone else think that FB has one of the worst designs for a website? Ads are a given, but having a "home" page and a "profile" page with redundant elements and a clunky UI, it's garbage. How does an awkward, nerd like Zuckerberg sell himself on being a social wizard? Can't wait to see this fad die, its just a matter of time.
  • Reply 5 of 23


    Every company with a medium to larger user base has had security holes uncovered, from Facebook to Microsoft to Apple to Google to Amazon to credit companies to banks.


     


    It's a fact of life, unless one abstains from participating in anything online.

  • Reply 6 of 23
    nagrommenagromme Posts: 2,834member

    Quote:

    Originally Posted by StruckPaper View Post


    Every company with a medium to larger user base has had security holes uncovered, from Facebook to Microsoft to Apple to Google to Amazon to credit companies to banks.


     


    It's a fact of life, unless one abstains from participating in anything online.



     


    True, but for what it's worth, not every company profits equally by collecting, storing long-term, analyzing and selling the data. That's bread-and-butter for Facebook and Google, while Apple collects much less data, and stores even less. I agree--worry about ALL companies. Just not equally.


     


    Disclaimer: I loathe Facebook. NO I don't want to join your little social game! Bad friend!

  • Reply 7 of 23
    radjinradjin Posts: 165member
    It's really simple. Fine these companies such a huge amount every time they leak information, hack or bug. Once or twice being fined it should stop.
  • Reply 8 of 23
    trd105trd105 Posts: 13member

    Quote:

    Originally Posted by nagromme View Post


     


    Disclaimer: I loathe Facebook. NO I don't want to join your little social game! Bad friend!



     


    Sending me a game request puts that "friend" on the fast track to being "unfriended."

  • Reply 9 of 23
    tallest skiltallest skil Posts: 43,399member
    radjin wrote: »
    It's really simple. Fine these companies such a huge amount every time they leak information, hack or bug. Once or twice being fined it should stop.

    Can't fine for hacks. Fining for bugs would work, though.
  • Reply 10 of 23
    blah64blah64 Posts: 928member




    Originally Posted by Radjin View Post



    No one should be allowed to upload their contacts. Did they ask those contacts if they wanted their address and phone numbers sent to FaceBook?


     


    YES!  This is the problem with today's careless society.  It wasn't long ago when you would never have to be concerned with your friends giving your personal information to various corporations, because they would just never dream of it.  Now it's the ugly norm.  People are only concerned with their convenience, and you have to constantly remind people if you don't want to be in some third-pary corporate storehouse of personal data, and even still, some people can't get it through their thick skulls. :-(


     


    The only way to manage this is to ask your friends to NOT put your information into their electronic databases, period.  There's just no other way to manage it. Yes, it's inconvenient for them, but it's my information, so tough shit!

  • Reply 11 of 23
    blah64blah64 Posts: 928member

    Quote:

    Originally Posted by Radjin View Post



    It's really simple. Fine these companies such a huge amount every time they leak information, hack or bug. Once or twice being fined it should stop.


     


    I'd like to think it was that simple, but the truth is, just having all this data in massive online storehouses makes it nearly impossible to be 100% secure.  Software is complex, and there are many layers for bugs to creep in.


     


    Not that I'm opposed to imposing huge fines, I think that would help.  It's just not going to solve the problem entirely.  Mostly, the problem is social.  People think it's okay to send OTHER people's information around on the internet, and that's just flat out wrong.

  • Reply 12 of 23
    tallest skiltallest skil Posts: 43,399member
    blah64 wrote: »
    YES!  This is the problem with today's careless society.  It wasn't long ago when you would never have to be concerned with your friends giving your personal information to various corporations, because they would just never dream of it.  Now it's the ugly norm.

    Heck, I was raised to NEVER give out any personal information, not even a real name, to anyone online! That's how suitable people were raised on the Internet.

    "Ugly norm" isn't bad... I'll try to think of something more fiendish and descriptive...
  • Reply 13 of 23
    a2gsga2gsg Posts: 26member

    Quote:

    Originally Posted by Nick29 View Post



    I'm on the verge of dumping this FB... Can't wait to see this fad die, its just a matter of time.


     


    perhaps these 7 more reasons will help you clear The Verge and have this fad be dead:


     


    http://www.forbes.com/sites/timmaurer/2013/06/20/7-reasons-i-dumped-facebook/

  • Reply 14 of 23
    welshdogwelshdog Posts: 1,684member


    My Facebook account is a non de plume and I like it that way.  No real personal info is used.  My friends know who I am and get the little play on words in my name.  Technically this violates FB rules, but really, who cares?  Oh geez I broke the rules at Facebook.  I'm such a criminal.

  • Reply 15 of 23
    jlanddjlandd Posts: 873member


    Possibly the least flabbergasting thing I've seen all week.

  • Reply 16 of 23
    philboogiephilboogie Posts: 7,438member
    nick29 wrote: »
    "as Facebook flushes the bug from its system" haha. Something tells me that in the future there will be more and more of these "bugs", planted by private individuals, the government or Facebook itself. I'm on the verge of dumping this FB once I find a better way to stay in touch with friends abroad (probably just email). I only use FB it to reply to messages that were sent to me, which is very rare, given that they are mining all of my data.

    BTW does anyone else think that FB has one of the worst designs for a website? Ads are a given, but having a "home" page and a "profile" page with redundant elements and a clunky UI, it's garbage. How does an awkward, nerd like Zuckerberg sell himself on being a social wizard? Can't wait to see this fad die, its just a matter of time.

    Mail works best for me as well. To me, there's nothing social about the medium. People hang out their laundry, doesn't matter if it's dirty. It's mostly: "look what I bought" kinda posts.

    And their website is indeed awful. Can't even upload a picture through an URL.
    welshdog wrote: »
    My Facebook account is a non de plume and I like it that way.  No real personal info is used.  My friends know who I am and get the little play on words in my name.  Technically this violates FB rules, but really, who cares?  Oh geez I broke the rules at Facebook.  I'm such a criminal.

    Lol. Mark is the real criminal here:
    http://www.guardian.co.uk/technology/2012/may/18/mark-zuckerberg-facebook
    http://www.businessinsider.com/how-mark-zuckerberg-hacked-into-the-harvard-crimson-2010-3

    A rare insight into his teenage mind came to light in 2010, when the Business Insider website published a series of instant messaging conversations between Zuckerberg and his Harvard college friends in 2004. The correspondence is notable both because it exposed a steely ambition but also because Zuckerberg's machine-gun-fire missives were remarkably close to his unusually flat way of speaking.

    Zuckerberg appeared to confirm in one message that he secretly hacked into the website of the Harvard University newspaper, the Crimson, by guessing the emails and passwords of two people in the college database.

    "So I want to read what they said about me before the article came out and after I complained," he told one friend. "So I'm just like trying the email/passwords of everyone who put that they're in the Crimson. I wonder if the school tracks stuff like that."

    In another message, Zuckerberg joked that 4,000 people had submitted emails, pictures and addresses to his budding Harvard social network. "People just submitted it ... I don't know why ... They 'trust me' ... dumb fucks."
  • Reply 17 of 23
    evilutionevilution Posts: 1,356member
    Mark Suckerdick had one good idea, have a site that women can chat over and men can see if women are single, from that point on its been one bad idea and design after another. Every time they try to do something to the (initially poorly designed) site, it gets worse and less usable. Now it's just a privacy nightmare that grasses you up about everything you do and say.
  • Reply 18 of 23
    MacProMacPro Posts: 18,215member
    I rejoined FB recently just to see if it had changed much. The first thing it asked was could it access my Contacts? ... I said no (fracking way). I also have Little Snitch on 24/7 so I am reasonably confident I am ok but anyone who click 'yes' to that initial question seems to have nothing to complain about IMHO ... 'stupid is as stupid does' ...

    BTW I still don't quite see the point of it. If I want to show my friends and family pictures I use my Aperture / Photo Stream if I want to write to them I use email ...
  • Reply 19 of 23


    This is terrible! I'm praying for all the victims! /s

  • Reply 20 of 23

    Quote:

    Originally Posted by PhilBoogie View Post



    Zuckerberg appeared to confirm in one message that he secretly hacked into the website of the Harvard University newspaper, the Crimson, by guessing the emails and passwords of two people in the college database.



    "So I want to read what they said about me before the article came out and after I complained," he told one friend. "So I'm just like trying the email/passwords of everyone who put that they're in the Crimson. I wonder if the school tracks stuff like that."



    In another message, Zuckerberg joked that 4,000 people had submitted emails, pictures and addresses to his budding Harvard social network. "People just submitted it ... I don't know why ... They 'trust me' ... dumb fucks."


     


    It's my opinion that Zuckerberg is a kind of intelligent sociopath. Not quite immoral, but believes "the rest of us" are stupid and deserve to be exploited. Social norms and human relations are just another challenge for him to hack.

Sign In or Register to comment.