back to article Facebook bug leaks contact info of 6 million users

Facebook's Download Your Information (DYI) tool has occasionally been criticized for not offering enough transparency into user-account data, but it recently revealed more than it intended when a bug led it to leak the contact information of some six million users. In an advisory posted on Friday, Facebook's security team …

COMMENTS

This topic is closed for new posts.
  1. Barry Rueger
    Paris Hilton

    Already covered - I would like to think

    Don't know about most people here, but about eleventy-seven security and privacy goofs back I went through my Facebook profile and deleted EVERYTHING that I could. My profile has two things: My City (which makes sense) and my e-mail address - hardly a secret.

    Almost every privacy setting is set to "Friends Only" and I vigorously block all the stupid spam that Facebook feeds me, and aside from "Scrabble" don't accept requests from games and apps and other dreck.

    Still, I have no illusions about what Facebook might have on me, and who they would sell it to.

    Funny things is that I have no real qualms about handing large swaths of my life to Google, storing my e-mail on their servers, and have never found their advertising particularly irritating.

    1. B-D

      Re: Already covered - I would like to think

      It doesn't matter one iota what you put in, it is what everyone else around you puts in that matters, that is what Big Data is about.

      It would be very easy to extrapolate your tastes and pleasures based upon your social circle and their preferences.

      1. Anonymous Coward
        Anonymous Coward

        Re: Already covered - I would like to think

        Even not using Facebook at all can't protect you from Facebook, unless you have no friends IRL and never show your face in public.

        At least that's my excuse.

    2. Cari

      Re: Already covered - I would like to think

      "Still, I have no illusions about what Facebook might have on me"

      I found out a few years back a little of what Facebook like to keep after you "delete" it.

      I changed the e-mail address of my main account 3 years ago, and blocked and deleted a load of "friends" in the process. I have re-used that e-mail address for a couple of test accounts since, and each time Facebook would recommend I add all the people I deleted. More recently, it's started recommending I add people I work with (that are not friends with my main account). From what I can tell, even if you delete information like your contact details and who you want to be friends with, Facebook still keep a record behind the scenes.

      Odlly enough, for all they go on about people having multiple accounts and how awful it is, they clearly know I have more than one and haven't auto-closed it or even given me a warning...

      1. Cubical Drone

        Re: Already covered - I would like to think (@Cari)

        Yep, like I always say, the difference between a tattoo and something on the internet is that, no matter how painful or expensive, at least a tattoo can be removed.

    3. Anonymous Coward
      Anonymous Coward

      Re: Already covered - I would like to think

      I'm always amazed when I add people I barely now (quite rare these days) and find their street address, phone number etc.

      ID fraudsters dream. I personally hate the way these sites try to coerce you into using your real name, surely having a pseudonym means you aren't sharing information useful for ID fraudsters?

  2. Winkypop Silver badge
    FAIL

    Facebook has a security team?

    And they're still employed?

    1. MrT

      Re: Facebook has a security team?

      That's the real news - it's just hidden with all this "6 million users" distraction...

    2. NogginTheNog

      Re: Facebook has a security team?

      More pertinently, their TESTING team should be staring down some P45s! Surely even mildly thorough testing of this tool would've shaken this out? This isn't a security failure, it's a QA one.

    3. Pascal Monett Silver badge

      Yeah, every time I read those words I can't help smirking.

      Facebook's security team.

      <snicker><chuckle><giggle>

  3. MrDamage Silver badge
    FAIL

    Missing Filter

    Seems the fb security team forgot to add the "If account = NSA, giveall access" filter to their new setup.

  4. smudge
    Coat

    Facebook bug leaks contact info of 6 million users - But to each other

    I thought that's what it was for?

  5. frank ly

    Assurance

    "... only other people could have had access to the data – as opposed to developers or advertisers ..."

    Because developers and advertisers are not people and they don't have Facebook accounts.

  6. Anomalous Cowshed

    "Hello, is that the NSA? Facebook here. We've got some more user data we thought you might like, you know, for an extra fee. What do you say?"

    "I thought we already had all your data? Under the contract we signed with you, we're supposed to have a direct intercept on your servers."

    "Yes but this is a new, experimental product, the data is presented in a more accessible format."

    "Well, we would normally be interested, but the hard disks are pretty full right now, so we cannot take any more data until next Wednesday."

    "OK then, so what do we do with it?"

    "Just throw it away, it's useless."

  7. Evil Auditor Silver badge
    Trollface

    So what?

    Facebootards, remember! You're the product being dealt with, not the customer.

    1. NogginTheNog

      Re: So what?

      Just like with Google, Outlook.com, Yahoo, Twatter, and much of the other free services out there.

      As an experiment try enabling prompts before setting cookies in your browser, and then count how many third-party 'wtf is that' domains you'll get requested to allow on the average ad displaying page...

  8. This post has been deleted by its author

  9. JCitizen
    WTF?

    Facebook only has my fake data

    I'm not particularly worried, as I only have fake data in my Facebook account. My email is the only true data point in there.

This topic is closed for new posts.

Other stories you might like