Facebook is notoriously bad for privacy and security. While the social network has recently been implicated in Prism, its poor reputation precedes that scandal. Only five months ago, it was discovered that you can search for a person on Facebook with nothing but their phone number — a stalker’s dream come true. Frequently changing and overly complicated privacy settings don’t help the company’s cause either.
Today, Facebook announces that it has blundered once again. The social media giant says, “We recently received a report to our White Hat program regarding a bug that may have allowed some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them”.
Facebook further says, “if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool”.
In other words, Facebook may have exposed your contact information.
The company states “approximately 6 million Facebook users had email addresses or telephone numbers shared” along with “other email addresses or telephone numbers… not connected to any Facebook users”.
While Facebook claims it will email the affected parties, should a user just assume that no email means all is well? Further, while Facebook does say it is embarrassed by the data breach — which continued undetected for a year — and that it values its users’ trust, there are two words absent from the company’s statement — “sorry” and “apologize”.