Facebook: Contact information for 6 million users may have been exposed through bug

LEON NEAL/AFP/GETTY IMAGES - (FILES) The logo of social networking website 'Facebook' is displayed on a computer screen.

Facebook said Friday that contact information for as many as 6 million of its users may have been exposed through a bug recently reported to the company’s security team.

In a company blog post written by Facebook’s security team, the social network said that the flaw allowed some people to see users’ e-mail addresses or phone numbers without permission.

More tech stories

Obama kicks around soccer ball with Japanese robot

Obama kicks around soccer ball with Japanese robot

President Obama briefly played soccer with a robot during his visit to Japan on Thursday. The president has been emphasizing technology along with security concerns during his visit.

Facebook 1Q results soar; CFO to step down

Facebook 1Q results soar; CFO to step down

Facebook’s first-quarter earnings and revenue grew sharply, surpassing Wall Street’s expectations thanks to an 82 percent increase in advertising revenue.

“When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations,” the company said in the post. “Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook.”

This additional contact information was then inadvertently included when users downloaded archives of their own Facebook information.

In almost all cases, the company said, an e-mail address or phone number was only exposed to one person. No other personal or financial information was included, and the firm said that developers and advertisers that use Facebook were not able to see in information.

The social network said that it does not believe the bug has been exploited for malicious purposes and that it hasn’t received any complaints from customers about the problem. The firm also said that it has notified regulators in the U.S., Canada and Europe about the breach.

The bug was found and reported by a security research using Facebook’s “White Hat” program, which pays individuals for finding security problems on its site.

(Washington Post Co. chairman and chief executive Donald E. Graham is a member of Facebook’s board of directors.)

Read what others are saying