Firm: Facebook ‘bug’ worse than reported; non-users also affected
Summary: According to the firm that found the bug, Facebook’s email to six million users affected by its shadow profiles leak left out some numbers. Plus, non-user contacts were also leaked. UPDATED with Facebook responses (inline).
The security researchers who found Facebook’s shadow profiles vulnerability have compared their numbers to what Facebook told its users in emails, and the numbers don’t match.
They say Facebook told users the data exposure is much less than what the researchers found, and the researchers also say Facebook is hoarding non-user contact information, as seen when it was also shared and exposed in the leak.
On Friday, Facebook announced the fix of a bug it said inadvertently exposed the private information of over six million users when Facebook’s previously unknown shadow profiles accidentally merged with user accounts in data history record requests.
Since at least 2012, Facebook users who used the Download Your Information (DYI) tool to get their data history record also got an address book with contacts users had never provided to Facebook.
Facebook explained the issue to ZDNet on Sunday after user anger exploded, saying that when a Facebook user uploads an address book, the social network obtains all contacts in the user’s database and saves all of them.
Users are still furious; they were unaware that their not-for-sharing, offsite phone numbers and email addresses are being collected, stored, secretly matched to them (and now accidentally shared) by Facebook.