Facebook user info exposed due to White Hat security bug

6 million Facebook users had their phone numbers and email addresses exposed due to a recent bug, the social network has admitted.

Joe Svetlik Reporter
Joe has been writing about consumer tech for nearly seven years now, but his liking for all things shiny goes back to the Gameboy he received aged eight (and that he still plays on at family gatherings, much to the annoyance of his parents). His pride and joy is an Infocus projector, whose 80-inch picture elevates movie nights to a whole new level.
Joe Svetlik
2 min read

Around 6 million Facebook users had their email addresses and phone numbers exposed due to a security glitch, the social network has admitted.

The users' info was only exposed briefly, and only to other Facebookers who already had some of their contact info, or some connection to them. But still, it's a little worrying, I'm sure you'll agree.

Facebook received a report to its White Hat programme -- which lets it collaborate with external security researchers to keep things watertight -- alerting it to the bug. So how did it happen? Facebook matches your contact lists with other people to generate friend recommendations. But because of the bug, some of the information used to make friend recommendations was accidentally stored with people's contact info as part of their Facebook account.

"As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection," Facebook said in a statement.

Facebook says it was able to fix the problem within 24 hours, and that the info was not used maliciously. It also hasn't received any complaints, or seen any untoward behaviour. In almost all cases, the email address and/or phone number was only exposed to one person, too.

Nevertheless, the site says it's still something it's "upset and embarrassed by" and it'll work "doubly hard to make sure nothing like this happens again."

Anyone affected will receive an email from Facebook notifying them.

Were your contact details exposed due to the bug? Are you worried about having so much personal info stored online? Let me know in the comments, or on our Fort Knox-like Facebook page.