Facebook bug exposed contact info of 6M users

[InfoSec News <alerts () infosecnews org>]

http://news.cnet.com/8301-1023_3-57590528-93/facebook-bug-exposed-contact-info-of-6m-users/

By Jennifer Van Grove
CNET News
June 21, 2013

Facebook is alerting 6 million of its users that their e-mails or phone 
numbers were inadvertently shared with other members.

The social network said Friday that it has discovered and patched a bug in 
its "Download Your Information" tool that unintentionally exposed some 
members' contact details. The bug was reported earlier this month through 
the company's White Hat program, which rewards security researchers for 
reporting vulnerabilities. The bug was fixed within 24 hours, a company 
spokesperson told CNET.

"It's ... something we're upset and embarrassed by," Facebook said in a 
note published to its security blog. "We'll work doubly hard to make sure 
nothing like this happens again."

The glitch itself is a bit difficult to explain, but essentially if you 
chose to download a copy of your data, your Facebook archive may have 
included the phone number or e-mail address of a person who you are 
connected to but did not have those particular contact details for. The 
extra information was provided because of a hiccup during the friend 
recommendation process.

Facebook explained the situation security blog with the following 
description:

[...]



_______________________________________________
ISN mailing list
ISN () lists infosecnews org
http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org