Facebook: Contact information for 6 million users may have been exposed through bug

LEON NEAL/AFP/GETTY IMAGES - (FILES) The logo of social networking website 'Facebook' is displayed on a computer screen.

Facebook said Friday that contact information for as many as 6 million of its users may have been exposed through a bug recently reported to the company’s security team.

In a company blog post written by Facebook’s security team, the social network said that the flaw allowed some people to see users’ e-mail addresses or phone numbers without permission.

More tech stories

Parking doesn’t have to be a hassle

Parking doesn’t have to be a hassle

Meet the man who wants to make parking in a garage as fun as riding in an Uber.

Big data: A double-edged sword

Big data: A double-edged sword

New information will improve our health and prevent crimes, but uncover skeletons and hurt privacy.

White House updating online privacy policy

White House updating online privacy policy

A new Obama administration privacy policy explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites, and it clarifies that online comments, whether tirades or tributes, are in the open domain.

“When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations,” the company said in the post. “Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook.”

This additional contact information was then inadvertently included when users downloaded archives of their own Facebook information.

In almost all cases, the company said, an e-mail address or phone number was only exposed to one person. No other personal or financial information was included, and the firm said that developers and advertisers that use Facebook were not able to see in information.

The social network said that it does not believe the bug has been exploited for malicious purposes and that it hasn’t received any complaints from customers about the problem. The firm also said that it has notified regulators in the U.S., Canada and Europe about the breach.

The bug was found and reported by a security research using Facebook’s “White Hat” program, which pays individuals for finding security problems on its site.

(Washington Post Co. chairman and chief executive Donald E. Graham is a member of Facebook’s board of directors.)

Read what others are saying