Facebook exploit reveals six million identities

Facebook security has always been a concern. A few years ago, a flaw allowed you to see your friends' private chat messages, and last month there was a report of malware that attacks an individual's machine with the intent of accessing their Facebook page. With over a billion users sharing private data, the platform is a prime target for attacks, and the company must constantly be on the lookout for security flaws in its platform.

Now a new bug has been reported. Although the bug has already been fixed, the company reports that it exposed the email addresses and phone numbers of six million Facebook users. The company skips the technical description, stating that it "can get pretty technical," but does explain how the bug was exploited. In essence, Facebook has code that adds intelligence when users upload their contact information to find more Facebook friends. If an uploaded email address already belongs to a Facebook member, for example, the site should ask that person to be your friend instead of asking them to join Facebook. Unfortunately, this information was accidentally being stored in an area that was accessible via the "Download Your Information" (DYI) tool when it wasn't supposed to be.
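As an added illustration (not Facebook's code and not part of the original article), the following example models the class of flaw described above: details merged in by a friend-matching feature end up in a user's export area, and the export dumps them regardless of who supplied them. The `supplied_by` provenance field, the store layout, and all names and sample values are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Simplified, assumed model: every stored contact detail records
# which account's upload supplied it (its provenance).
@dataclass(frozen=True)
class ContactDetail:
    person: str        # who the detail describes
    value: str         # email address or phone number
    supplied_by: str   # account whose address-book upload provided it

# Constructed sample data: alice and bob both uploaded address books that
# mention carol; the matching feature merged bob's entry into alice's area.
STORE = {
    "alice": [
        ContactDetail("carol", "carol@example.com", "alice"),
        ContactDetail("carol", "+1-555-0100", "bob"),   # merged from bob's upload
        ContactDetail("dave", "dave@example.org", "alice"),
    ],
}

def export_flawed(user):
    """Dump everything stored in the user's export area, whatever its origin."""
    return [(d.person, d.value) for d in STORE.get(user, [])]

def export_scoped(user):
    """Export only the details this user supplied themselves."""
    return [(d.person, d.value) for d in STORE.get(user, [])
            if d.supplied_by == user]

def leaked_values(user, export):
    """Regression check: values in an export that the user never supplied."""
    own = {d.value for d in STORE.get(user, []) if d.supplied_by == user}
    return sorted(v for _, v in export(user) if v not in own)

if __name__ == "__main__":
    print("flawed export leaks:", leaked_values("alice", export_flawed))
    print("scoped export leaks:", leaked_values("alice", export_scoped))
```

A check like `leaked_values` belongs in the test suite of any data-export feature, so that a later change to what is stored alongside a profile cannot silently widen what the export returns.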

Facebook is downplaying the severity of the bug, saying that while there were six million leaks, most of the data was only downloaded once or twice and that there doesn't appear to be any malicious intent. In addition, the data wasn't accessible to corporations and advertisers, although we can't be sure that an advertiser wasn't one of the people who downloaded the data.

The company has paid a "bug bounty" to the person who revealed this flaw.

Source: Facebook, Via: The Register | Facebook image courtesy of Shutterstock


26 Comments


Raa said,
This is why I don't use Facebook.

I want to get all my photos off Facebook... then I'm gone... but it's one hell of a battle... but I keep so much personal detail to myself... but Facebook is now just a website to spy on the populace...

SPEhosting said,

I want to get all my photos off Facebook... then I'm gone... but it's one hell of a battle... but I keep so much personal detail to myself... but Facebook is now just a website to spy on the populace...

Go to http://www.facebook.com/settings and click "Download a copy of your Facebook data." Link will be emailed to you once they've finished archiving it to a zip file. Download the zip.
Once you've verified that the zip contains all your images and messages etc, go to http://www.facebook.com/help/delete_account and perma delete your account.

sagum said,

Go to http://www.facebook.com/settings and click "Download a copy of your Facebook data." Link will be emailed to you once they've finished archiving it to a zip file. Download the zip.
Once you've verified that the zip contains all your images and messages etc, go to http://www.facebook.com/help/delete_account and perma delete your account.


Problem is, the moment you upload your photos, you give rights to Facebook.
And deleting your account, of course, doesn't delete your account. The data isn't going to be deleted.

Shadowzz said,

Problem is, the moment you upload your photos, you give rights to Facebook.
And deleting your account, of course, doesn't delete your account. The data isn't going to be deleted.

They do however have to remove all data if I request it (seeing as they are based in Ireland and have to follow those laws :] ) but they make talking to them near impossible.

Shadowzz said,

Problem is, the moment you upload your photos, you give rights to Facebook.
And deleting your account, of course, doesn't delete your account. The data isn't going to be deleted.

That's absolutely true. I deleted my account a few years ago. Then, about a year and a half later, I tried to make a new account (for login services, etc.) and it just restored my old account with everything, including uploaded videos, still intact.

Shadowzz said,
Problem is, the moment you upload your photos, you give rights to Facebook.
And deleting your account, of course, doesn't delete your account. The data isn't going to be deleted.

That's exactly why the EU is pushing tough new data protection laws which would give people the "right to be forgotten". Companies should not be allowed to indefinitely store user information without consent, especially after they have stopped using a service.

theyarecomingforyou said,

That's exactly why the EU is pushing tough new data protection laws which would give people the "right to be forgotten". Companies should not be allowed to indefinitely store user information without consent, especially after they have stopped using a service.


Right to be forgotten in Europe. It won't prevent 'em keeping the data on US-based servers, now does it. And if EU gov will start blocking Facebook in Europe for doing that, people will blame the EU and not Facebook.
EU often steps in to protect consumers, even sometimes when it's not required. I barely see anyone praising the EU for its consumer laws, even though it has done a lot of good to us.

Shadowzz said,
Right to be forgotten in Europe. It won't prevent 'em keeping the data on US-based servers, now does it. And if EU gov will start blocking Facebook in Europe for doing that, people will blame the EU and not Facebook.

Yeah, but the leaked information about PRISM has caused the EU Justice Commissioner to take a much harder stance against the US's weak data protection laws and the EC has openly criticised US lobbying. The EU needs to stop backing down to the US.

Shadowzz said,
EU often steps in to protect consumers, even sometimes when it's not required. I barely see anyone praising the EU for its consumer laws, even though it has done a lot of good to us.

Indeed. The EU has a strong record of pro-consumer legislation and of strong fines against anti-competitive behaviour. A great example of that is the recent ban on neonicotinoids, which countries like the UK actually opposed due to the influence of corporations. People dramatically undervalue the benefits provided by EU membership, in part because national governments blame it whenever they need a distraction.

Meh, if you want to stay private, lock yourself inside... Hell, even then you can't: you need to be on a housing register and somehow set up a payment system to pay the rent, which means going out of the house to work and getting an NI number here in the UK.

Someone always knows where you are, what you do for a living and where you live; there is no getting away from this.

Want your life to be private? Die.

You had to use the "download my data" tool to actually get hold of this info, it's hardly a massive "leak". Even so, not great, but not a massive deal.

Enron said,
What's with that low resolution display in the article image? I can totally see the pixels.

You have to use a Retina (R) screen, you can't see them pixels, you know?

And supposedly intelligent people still think that anything they put out on the Internet remains private. When are they going to "get it," and realize that anything out on the Internet (including the Cloud) is public information, period. It's that simple.
