I have been coding for almost two decades now. I gather a tremendous amount of intelligence, through legal means, based upon others’ stupidity. Below is a reason why I would NEVER use DramaBook, oops Facebook.
Facebook’s WhiteHat Security Detail is reporting on a breach of 6 MILLION ACCOUNTS:
We recently received a report to our White Hat program regarding a bug that may have allowed some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them.
Describing what caused the bug can get pretty technical, but we want to explain how it happened. When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. For example, we don’t want to recommend that people invite contacts to join Facebook if those contacts are already on Facebook; instead, we want to recommend that they invite those contacts to be their friends on Facebook.
Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool.
After review and confirmation of the bug by our security team, we immediately disabled the DYI tool to fix the problem and were able to turn the tool back on the next day once we were satisfied that the problem had been fixed.
We’ve concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared. There were other email addresses or telephone numbers included in the downloads, but they were not connected to any Facebook users or even names of individuals. For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person. Additionally, no other types of personal or financial information were included and only people on Facebook – not developers or advertisers – have access to the DYI tool.
Facebook reported late Friday afternoon that a software bug or glitch in its systems left users’ personal information exposed to people who weren’t necessarily their friends on the service. The social network has fixed the issue and is informing affected users.
“We recently received a report to our White Hat program regarding a bug that may have allowed some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them,” Facebook’s Security team wrote in a post published on Friday at around 5 p.m. ET.
The team explained that the bug or glitch, while very technical, was a result of the feature that allows Facebook to access users’ contact lists or address books. That feature allows Facebook to suggest that you be friends with the people in your address book on the social network. It will either suggest you become their friend on the service, if they are already on it, or that you invite them to the service.
Here’s what the bug was doing: If you had uploaded your address book and you had a friend named Karen with the e-mail address email@example.com and firstname.lastname@example.org, Facebook would house that information in its database. When Mark joined Facebook and put in his address book with just Karen’s email@example.com address, it would suggest that he become friends with Karen and maybe even you.
But with the glitch, if Mark had then used Facebook’s Download Your Information tool, he would have been given Karen’s other email address — firstname.lastname@example.org — even though he had never had it.
“As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection,” Facebook explained.
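The Karen/Mark scenario above can be reproduced with a small model, given here as an added example that is not Facebook's code: the `ContactStore` class, its methods and the `overexposed` check are hypothetical names, and the design (a matching index merged across uploaders) is an assumption drawn from the description. It contrasts an export that returns matching data with one scoped to what the requester supplied.

```python
from collections import defaultdict

class ContactStore:
    """Toy model of contact matching (assumed design, not Facebook's code)."""

    def __init__(self):
        self.uploads = defaultdict(dict)  # uploader -> {contact: identifiers they supplied}
        self.clusters = []                # identifier sets believed to belong to one person

    def upload(self, uploader, contact, identifiers):
        ids = set(identifiers)
        self.uploads[uploader].setdefault(contact, set()).update(ids)
        # Matching step: merge every cluster that shares an identifier with this upload.
        merged = set(ids)
        for cluster in [c for c in self.clusters if c & ids]:
            self.clusters.remove(cluster)
            merged |= cluster
        self.clusters.append(merged)

    def export_leaky(self, uploader):
        # Bug pattern: matching data is returned as if it were the uploader's own contacts.
        out = {}
        for contact, ids in self.uploads[uploader].items():
            out[contact] = set(ids)
            for cluster in self.clusters:
                if cluster & ids:
                    out[contact] |= cluster
        return out

    def export_scoped(self, uploader):
        # Fixed pattern: only identifiers this uploader supplied.
        return {c: set(ids) for c, ids in self.uploads[uploader].items()}

def overexposed(store, uploader, export):
    """Identifiers in an export that the uploader never provided (should be empty)."""
    supplied = store.uploads[uploader]
    return {c: ids - supplied.get(c, set()) for c, ids in export.items()
            if ids - supplied.get(c, set())}

def demo():
    store = ContactStore()
    # Constructed uploads following the article's Karen/Mark scenario.
    store.upload("you", "Karen", ["email@example.com", "firstname.lastname@example.org"])
    store.upload("mark", "Karen", ["email@example.com"])
    leaky = overexposed(store, "mark", store.export_leaky("mark"))
    scoped = overexposed(store, "mark", store.export_scoped("mark"))
    return leaky, scoped

if __name__ == "__main__":
    print(demo())
```

The `overexposed` check works as a regression test for any export feature: the export must be a subset of what the requesting account itself provided.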
Facebook said that some of that information provided might have been inaccurate and believes that the six million Facebook users who had their email or telephone numbers shared with people only had it shared once. Additionally, it was likely shared with someone they knew through someone else.
“This means, in almost all cases, an email address or telephone number was only exposed to one person. Additionally, no other types of personal or financial information was included and only people on Facebook — not developers or advertisers — have access to the DYI tool,” the post read.
The social network said there is “no evidence” that the bug was exploited by hackers. McAfee security expert Robert Siciliano also believed that it probably wasn’t.
“It’s still disturbing, however, that it happened in the first place,” Siciliano said. “Certainly, it’s good that Facebook is bringing this to the public’s attention. Facebook knows it needs to be vigilant and consumers need to be, too.”
Siciliano said the chances of this affecting a person’s identity were very slim, but he said consumers should be on the lookout for fake emails from Facebook or other organizations. He also reminded users that they should change their passwords every six months.
“Our information is out there and it is of value,” he said. “As long as we put it out there we have to know there are risks as a result.”