Thursday, October 3, 2013

Facebook security bug exposed 6 million users' personal information (update)

Facebook security bug exposed 6 million users' personal information (update) data = {blogUrl: "",v: 315};when = {jquery: lab.scriptBs("jquery"),plugins: lab.scriptBs("plugins"),eng: lab.scriptBs("eng")}; var s265prop9 = ('20631323' !== '') ? 'bsd:20631323' : ''; var postID = '20631323'; var modalMNo = '93319229', modalVideoMNo = '93320648', modalGalleryMNo = '93304207'; when.eng("eng.omni.init", {pfxID:"weg",pageName:document.title,server:"",channel:"us.engadget", s_account: "aolwbengadget,aolsvc", short_url: "",pageType:"",linkInternalFilters:"javascript:,",prop1:"article",prop2:"internet",prop9:s265prop9,prop12:document.location,prop17:"",prop18:"",prop19:"",prop20:"", prop22:"sarah-silbert", prop54:"blogsmith",mmxgo: true }); adSendTerms('1')adSetMOAT('1');adSetAdURL('/_uac/adpagem.html');lab._script("").wait(function(){var floatingAd = new AdhesiveAd("348-14-15-14d",{hideOnSwipe:true});}); onBreak({980: function () { adSetType("F");htmlAdWH("93319229", "LB", "LB"); adSetType("");}}); EngadgetMenu NewsReviews Features Galleries VideosEventsPodcasts Engadget ShowTopics Buyers Guides Sagas Store HD Mobile Alt Announcements Cameras Cellphones Desktops Displays Gaming GPS Handhelds Home Entertainment Household Internet Laptops Meta Misc Networking Peripherals Podcasts Robots Portable Audio/Video Science Software Storage Tablets Transportation Wearables Wireless Acer Amazon AMD Apple ASUS AT&T Blackberry Canon Dell Facebook Google HP HTC Intel Lenovo LG Microsoft Nikon Nintendo Nokia NVIDIA Samsung Sony Sprint T-Mobile Verizon About UsSubscribeLike Engadget@engadgettip uswhen.eng("eng.nav.init")when.eng("") onBreak({980: function () {htmlAdWH("93308280", "215", "35",'AJAX','ajaxsponsor');}});Facebook security bug exposed 6 million users' personal information (update)BypostedJun 21st, 2013 at 5:13 PM 0

Facebook security bug exposed 6 million users' personal information

Today, Facebook announced a security bug that compromised the personal account information of six million users. In a post on the Facebook Security page, the site's White Hat team explained that some of the information the site uses to deliver friend recommendations was "inadvertently stored with people's contact information as part of their account on Facebook." When users downloaded an archive of their account via the DYI (download your information) tool, some were apparently given access to additional contact info for friends and even friends of friends. The post continues:

We've concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared. There were other email addresses or telephone numbers included in the downloads, but they were not connected to any Facebook users or even names of individuals. For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person. Additionally, no other types of personal or financial information were included and only people on Facebook – not developers or advertisers – have access to the DYI tool.

Facebook says it's temporarily disabled the DYI tool to fix the breach. We've reached out to the site for further comment; for now, read the official statement via the source link below.

Update: Facebook has responded to our inquiries and stated that while the bug was discovered earlier this month, "it had been live since last year." They immediately disabled the tool, fixed the bug and reenabled it within 24 hours of the bug's discovery. The bug was reported to them through a White Hat program for external security researchers.



Post a Comment