According to Facebook officials, a new Facebook bug compromised the contact information of around 6 million users but as soon as the bug was reported it was fixed within 24 hours. The bug was part of Facebook’s Download Your Information tool and exposed user contacts and email addresses.
According to the security spokesperson of Facebook, the bug was in the algorithm which is used to find recommendations of friends by accessing personal emails and contact information from the user’s personal profile. The algorithm matches the contact information retrieved with other contacts and generates friend recommendations, but due to this bug, the email addresses and contacts which are being used for friend recommendation are accidentally stored in associated Facebook profiles which are being used to match the credentials.
These details are then visible to a person if he tends to download his information from Facebook using the DIY tool. As a result, a person could see more than one email address and contact information of other users in his information package.
The shocking news is that this bug has been live on Facebook since last year and was unnoticed until the last week. As per Facebook officials, the bug has not been used in any “malicious act” and was fixed as soon as it was reported. The company also didn’t receive any complaints about this security hole earlier than the previous week and that was the reason the bug had not been noticed for so long. All those who have been affected by this bug will receive an email from Facebook Security shortly.
According to the official Facebook post:
“For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice”.
That means if any user is affected by this bug, its information will be exposed to only one person entirely and no private information like passwords, integrated account details and neither any financial information are exposed in any way.
The bug was discovered and reported by a researcher who submitted it to Facebook White Hat Program on Saturday. Facebook also announced a bug bounty of $500 for the security researcher who has explored and reported this bug. The social networking giant also said that it will always appreciate such security researchers and will reward them dearly.