Feeds

back to article Facebook bug leaks contact info of 6 million users

Facebook's Download Your Information (DYI) tool has occasionally been criticized for not offering enough transparency into user-account data, but it recently revealed more than it intended when a bug led it to leak the contact information of some six million users. In an advisory posted on Friday, Facebook's security team …

COMMENTS

This topic is closed for new posts.

This post has been deleted by a moderator

IT Angle

RegEx

(.+)\sFAIL$

Yup, it's a match.

7
1

This post has been deleted by a moderator

Trollface

Re: RegEx

Ah, I should have specified re.DOTALL. Thanks for the additional test case, though.

0
0
Paris Hilton

Already covered - I would like to think

Don't know about most people here, but about eleventy-seven security and privacy goofs back I went through my Facebook profile and deleted EVERYTHING that I could. My profile has two things: My City (which makes sense) and my e-mail address - hardly a secret.

Almost every privacy setting is set to "Friends Only" and I vigorously block all the stupid spam that Facebook feeds me, and aside from "Scrabble" don't accept requests from games and apps and other dreck.

Still, I have no illusions about what Facebook might have on me, and who they would sell it to.

Funny things is that I have no real qualms about handing large swaths of my life to Google, storing my e-mail on their servers, and have never found their advertising particularly irritating.

1
0
B-D

Re: Already covered - I would like to think

It doesn't matter one iota what you put in, it is what everyone else around you puts in that matters, that is what Big Data is about.

It would be very easy to extrapolate your tastes and pleasures based upon your social circle and their preferences.

3
0
Anonymous Coward

Re: Already covered - I would like to think

Even not using Facebook at all can't protect you from Facebook, unless you have no friends IRL and never show your face in public.

At least that's my excuse.

0
0

Re: Already covered - I would like to think

"Still, I have no illusions about what Facebook might have on me"

I found out a few years back a little of what Facebook like to keep after you "delete" it.

I changed the e-mail address of my main account 3 years ago, and blocked and deleted a load of "friends" in the process. I have re-used that e-mail address for a couple of test accounts since, and each time Facebook would recommend I add all the people I deleted. More recently, it's started recommending I add people I work with (that are not friends with my main account). From what I can tell, even if you delete information like your contact details and who you want to be friends with, Facebook still keep a record behind the scenes.

Odlly enough, for all they go on about people having multiple accounts and how awful it is, they clearly know I have more than one and haven't auto-closed it or even given me a warning...

1
0

Re: Already covered - I would like to think (@Cari)

Yep, like I always say, the difference between a tattoo and something on the internet is that, no matter how painful or expensive, at least a tattoo can be removed.

0
0
Anonymous Coward

Re: Already covered - I would like to think

I'm always amazed when I add people I barely now (quite rare these days) and find their street address, phone number etc.

ID fraudsters dream. I personally hate the way these sites try to coerce you into using your real name, surely having a pseudonym means you aren't sharing information useful for ID fraudsters?

0
0
Silver badge
FAIL

Facebook has a security team?

And they're still employed?

1
0
MrT
Bronze badge

Re: Facebook has a security team?

That's the real news - it's just hidden with all this "6 million users" distraction...

0
0
Bronze badge

Re: Facebook has a security team?

More pertinently, their TESTING team should be staring down some P45s! Surely even mildly thorough testing of this tool would've shaken this out? This isn't a security failure, it's a QA one.

0
0
Silver badge

Yeah, every time I read those words I can't help smirking.

Facebook's security team.

<snicker><chuckle><giggle>

0
0
Bronze badge
FAIL

Missing Filter

Seems the fb security team forgot to add the "If account = NSA, giveall access" filter to their new setup.

1
0
Bronze badge
Coat

Facebook bug leaks contact info of 6 million users - But to each other

I thought that's what it was for?

1
0
Silver badge

Assurance

"... only other people could have had access to the data – as opposed to developers or advertisers ..."

Because developers and advertisers are not people and they don't have Facebook accounts.

2
0
Bronze badge

"Hello, is that the NSA? Facebook here. We've got some more user data we thought you might like, you know, for an extra fee. What do you say?"

"I thought we already had all your data? Under the contract we signed with you, we're supposed to have a direct intercept on your servers."

"Yes but this is a new, experimental product, the data is presented in a more accessible format."

"Well, we would normally be interested, but the hard disks are pretty full right now, so we cannot take any more data until next Wednesday."

"OK then, so what do we do with it?"

"Just throw it away, it's useless."

1
0
Silver badge
Trollface

So what?

Facebootards, remember! You're the product being dealt with, not the customer.

0
1
Bronze badge

Re: So what?

Just like with Google, Outlook.com, Yahoo, Twatter, and much of the other free services out there.

As an experiment try enabling prompts before setting cookies in your browser, and then count how many third-party 'wtf is that' domains you'll get requested to allow on the average ad displaying page...

1
0

This post has been deleted by its author

Bronze badge
WTF?

Facebook only has my fake data

I'm not particularly worried, as I only have fake data in my Facebook account. My email is the only true data point in there.

0
0
This topic is closed for new posts.