Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Firm: Facebook 'bug' worse than reported; non-users also affected

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 27 Jun 2013 05:44:50 +0000 (UTC)
http://www.zdnet.com/firm-facebook-bug-worse-than-reported-non-users-also-affected-7000017318/

By Violet Blue
Zero Day
ZDNet News
June 26, 2013
The security researchers who found Facebook's shadow profiles vulnerability have compared their numbers to what Facebook told its users in emails, and the numbers don't match.
They say Facebook told users the data exposure is much less than what the researchers found, and the researchers also say Facebook is hoarding non-user contact information — seen when it was also shared and exposed in the leak.
Friday Facebook announced the fix of a bug it said inadvertently exposed the private information of over six million users when Facebook's previously unknown shadow profiles accidentally merged with user accounts in data history record requests.
Since at least 2012, Facebook users who used the Download Your Information (DYI) tool to get their data history record also got an address book with contacts users had never provided to Facebook. 

[...]


--
Visit the new and improved InfoSec News website
http://www.infosecnews.org/
Previous By Date Next
Previous By Thread Next

Current thread: