Facebook recently disclosed a bug found in their “Download Your Information” tool that accidentally exposed some members’ contact information. As a result, approximately six million users may have had their e-mail addresses or phone numbers exposed to another person according to a post on the social network’s security blog.
The post notes that describing the bug can get pretty technical but basically, here’s what happened. In the event that you elected to download a copy of your data using the above mentioned “Download Your Information” tool, there’s a change that the archive may have included the e-mail address or phone number for contacts or people with whom you have some connection.
The information is said to come from other people on Facebook and thus may not be accurate but either way, it was inadvertently included with the contacts of the person using the DYI tool. Facebook said the bug was patched within 24 hours of being reported.
Speaking of, the bug seemingly slipped past Facebook’s technical team and was reported earlier this month through their White Hat program. If you are unfamiliar, Facebook offers security researchers monetary rewards (minimum of $500) in exchange for information about bugs and security holes.
At present, the social network has no evidence that the bug was exploited in a malicious behavior and they have not received any complaints from users that would suggest any wrongdoing. As such, the impact of the bug is expected to be minimal.