Facebook revealed that Phone numbers and email addresses belonging to some 6 million Facebook users have been improperly shared to a software bug.
“When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations,” the company said in the post. “Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook.”
The bug was found and reported by a security research using Facebook’s “White Hat” program last week and it’s fixed with in 24 hrs.But Facebook did not publicly acknowledge the bug until Friday afternoon, when it published an “important message” on its blog explaining the issue.
“We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing,” Facebook said on its blog.
The company said that it disabled the DYI tool for a day but has restarted it after fixing the bug.
Facebook has already notified their regulators in the US, Canada and Europe, and it is in the process of notifying affected users via email.
