Facebook bug exposes personal information of 6M users
A Facebook security bug that has been in existence since last year was discovered this week, but only after the contact information of six million users had been exposed.

Facebook acknowledged the bug's existence in a blog post on Friday, saying the error has existed on its servers since last year and has so far affected six million accounts, reports TechCrunch.
The bug, found by independent researchers through the company's White Hat program, exposes the personal contact information of certain accounts. According to the report, email addresses and phone numbers could be viewed by people who "had some contact information about that person or some connection to them."
According to the company, the bug relates to the social network's friend discovery process.
When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. For example, we don't want to recommend that people invite contacts to join Facebook if those contacts are already on Facebook; instead, we want to recommend that they invite those contacts to be their friends on Facebook.
The bug caused some of the data used to connect with friends to be stored alongside a person's contact information. By using the Download Your Information tool, people were granted access to a user's private email addresses and phone numbers that would otherwise be hidden.
The DYI tool has since been deactivated as Facebook flushes the bug from its system.

Comments
How anybody can trust these people with any info is beyond me.
I dunno, the whole idea of being a "friend" in the cyber sense is a little weird.
BTW does anyone else think that FB has one of the worst designs for a website? Ads are a given, but having a "home" page and a "profile" page with redundant elements and a clunky UI, it's garbage. How does an awkward nerd like Zuckerberg sell himself on being a social wizard? Can't wait to see this fad die, it's just a matter of time.
Every company with a medium to larger user base has had security holes uncovered, from Facebook to Microsoft to Apple to Google to Amazon to credit companies to banks.
It's a fact of life, unless one abstains from participating in anything online.
Quote:
Originally Posted by StruckPaper
Every company with a medium to larger user base has had security holes uncovered, from Facebook to Microsoft to Apple to Google to Amazon to credit companies to banks.
It's a fact of life, unless one abstains from participating in anything online.
True, but for what it's worth, not every company profits equally by collecting, storing long-term, analyzing and selling the data. That's bread-and-butter for Facebook and Google, while Apple collects much less data, and stores even less. I agree--worry about ALL companies. Just not equally.
Disclaimer: I loathe Facebook. NO I don't want to join your little social game! Bad friend!
Quote:
Originally Posted by nagromme
Disclaimer: I loathe Facebook. NO I don't want to join your little social game! Bad friend!
Sending me a game request puts that "friend" on the fast track to being "unfriended."
Can't fine for hacks. Fining for bugs would work, though.
Originally Posted by Radjin
No one should be allowed to upload their contacts. Did they ask those contacts if they wanted their address and phone numbers sent to FaceBook?
YES! This is the problem with today's careless society. It wasn't long ago when you would never have to be concerned with your friends giving your personal information to various corporations, because they would just never dream of it. Now it's the ugly norm. People are only concerned with their convenience, and you have to constantly remind people if you don't want to be in some third-party corporate storehouse of personal data, and even still, some people can't get it through their thick skulls. :-(
The only way to manage this is to ask your friends to NOT put your information into their electronic databases, period. There's just no other way to manage it. Yes, it's inconvenient for them, but it's my information, so tough shit!
Quote:
Originally Posted by Radjin
It's really simple. Fine these companies such a huge amount every time they leak information, hack or bug. Once or twice being fined it should stop.
I'd like to think it was that simple, but the truth is, just having all this data in massive online storehouses makes it nearly impossible to be 100% secure. Software is complex, and there are many layers for bugs to creep in.
Not that I'm opposed to imposing huge fines, I think that would help. It's just not going to solve the problem entirely. Mostly, the problem is social. People think it's okay to send OTHER people's information around on the internet, and that's just flat out wrong.
Heck, I was raised to NEVER give out any personal information, not even a real name, to anyone online! That's how suitable people were raised on the Internet.
"Ugly norm" isn't bad... I'll try to think of something more fiendish and descriptive...
Quote:
Originally Posted by Nick29
I'm on the verge of dumping this FB... Can't wait to see this fad die, it's just a matter of time.
Perhaps these 7 more reasons will help you clear The Verge and have this fad be dead:
http://www.forbes.com/sites/timmaurer/2013/06/20/7-reasons-i-dumped-facebook/
My Facebook account is a nom de plume and I like it that way. No real personal info is used. My friends know who I am and get the little play on words in my name. Technically this violates FB rules, but really, who cares? Oh geez I broke the rules at Facebook. I'm such a criminal.
Possibly the least flabbergasting thing I've seen all week.
Mail works best for me as well. To me, there's nothing social about the medium. People hang out their laundry, doesn't matter if it's dirty. It's mostly: "look what I bought" kinda posts.
And their website is indeed awful. Can't even upload a picture through a URL.
Lol. Mark is the real criminal here:
http://www.guardian.co.uk/technology/2012/may/18/mark-zuckerberg-facebook
http://www.businessinsider.com/how-mark-zuckerberg-hacked-into-the-harvard-crimson-2010-3
A rare insight into his teenage mind came to light in 2010, when the Business Insider website published a series of instant messaging conversations between Zuckerberg and his Harvard college friends in 2004. The correspondence is notable both because it exposed a steely ambition but also because Zuckerberg's machine-gun-fire missives were remarkably close to his unusually flat way of speaking.
Zuckerberg appeared to confirm in one message that he secretly hacked into the website of the Harvard University newspaper, the Crimson, by guessing the emails and passwords of two people in the college database.
"So I want to read what they said about me before the article came out and after I complained," he told one friend. "So I'm just like trying the email/passwords of everyone who put that they're in the Crimson. I wonder if the school tracks stuff like that."
In another message, Zuckerberg joked that 4,000 people had submitted emails, pictures and addresses to his budding Harvard social network. "People just submitted it ... I don't know why ... They 'trust me' ... dumb fucks."
BTW I still don't quite see the point of it. If I want to show my friends and family pictures, I use my Aperture / Photo Stream; if I want to write to them, I use email ...
This is terrible! I'm praying for all the victims! /s
Quote:
Originally Posted by PhilBoogie
Zuckerberg appeared to confirm in one message that he secretly hacked into the website of the Harvard University newspaper, the Crimson, by guessing the emails and passwords of two people in the college database.
"So I want to read what they said about me before the article came out and after I complained," he told one friend. "So I'm just like trying the email/passwords of everyone who put that they're in the Crimson. I wonder if the school tracks stuff like that."
In another message, Zuckerberg joked that 4,000 people had submitted emails, pictures and addresses to his budding Harvard social network. "People just submitted it ... I don't know why ... They 'trust me' ... dumb fucks."
It's my opinion that Zuckerberg is a kind of intelligent sociopath. Not quite immoral, but believes "the rest of us" are stupid and deserve to be exploited. Social norms and human relations are just another challenge for him to hack.