Facebook has unwittingly exposed phone numbers and email addresses of 6 million users to unauthorized viewers. This has happened over the past year, the social network revealed late Friday.
The data leaks were caused by a bug in facebook’s “Download Your Information” tool. Due to the bug, Facebook users who downloaded contact data for their list of friends also obtained information such as phone numbers and email addresses of their friends, something they were not authorized to have.
The glitch was detected by Facebook’s White Hat program, which rewards security researchers for reporting vulnerabilities. The bug was resolved within 24 hours of detection.
However, the delay caused in making a public announcement was due to procedures that dictate that companies should notify the regulators and affected users first in such cases.
Facebook has denied that the “bug has been exploited maliciously.” But the social network acknowledged, “It’s … something we’re upset and embarrassed by.”
The details of the issue have been posted on Facebook Security blog.