
Facebook Bug Exposed 6 Million Users

Posted by Soulskill
from the just-a-handful dept.
jamaicaplain sends this quote from the NY Times: "Facebook has inadvertently exposed six million users' phone numbers and e-mail addresses to unauthorized viewers over the last year, the company said late Friday. Facebook blamed the data leaks, which began in 2012, on a technical flaw in its huge archive of contact information collected from its 1.1 billion users worldwide. As a result of the problem, Facebook users who downloaded contact data for their list of friends obtained additional information that they were not supposed to have. Facebook's security team was alerted to the problem last week and fixed it within 24 hours. But Facebook did not publicly acknowledge the flaw until Friday afternoon, when it published a message on its blog explaining the situation."
This discussion has been archived. No new comments can be posted.

  • The bug was (Score:2, Insightful)

    by Anonymous Coward

    That it didn't expose them to advertisers.

  • by 140Mandak262Jamuna (970587) on Saturday June 22, 2013 @09:36AM (#44078051) Journal
    This highly confidential data is a very valuable thing and the most important thing Facebook is selling to its "partners". Leaking this information for free without collecting revenue is highly detrimental to the company. They have since fixed the problem, it is all well and good. You now have to become a "partner" and pay the required fees to Facebook to get such confidential data.
    • by swillden (191260) <shawn-ds@willden.org> on Saturday June 22, 2013 @11:10AM (#44078445) Homepage Journal

      I feel funny defending Facebook, but unless they're blatantly violating their own published privacy policy, they don't sell personally-identifiable information to others. While it's possible they're intentionally violating their policy, I think that's unlikely.

      • by PolygamousRanchKid (1290638) on Saturday June 22, 2013 @11:43AM (#44078651)

        I feel funny defending Facebook, but unless they're blatantly violating their own published privacy policy, they don't sell personally-identifiable information to others. While it's possible they're intentionally violating their policy, I think that's unlikely.

        I feel funny defending the NSA, but unless they're blatantly violating their own published privacy policy, they don't spy on US citizens. While it's possible they're intentionally violating their policy, I think that's unlikely.

        • by swillden (191260)

          I feel funny defending Facebook, but unless they're blatantly violating their own published privacy policy, they don't sell personally-identifiable information to others. While it's possible they're intentionally violating their policy, I think that's unlikely.

          I feel funny defending the NSA, but unless they're blatantly violating their own published privacy policy, they don't spy on US citizens. While it's possible they're intentionally violating their policy, I think that's unlikely.

          Absent evidence to the contrary -- which we now possess -- I would agree. The thing about large-scale deceptions is that they tend to get outed. That applies both to government and private industry.

      • In Canada at least, Tor is awful. Because others can use your connection as well, if someone looks at child porn from behind your connection, you are guilty of distribution.

        ...Says the dude on the internet that apparently didn't read the note above the "Allow" button when he signed up for Farmville.

      • I feel funny defending Facebook, but unless they're blatantly violating their own published privacy policy, they don't sell personally-identifiable information to others. While it's possible they're intentionally violating their policy, I think that's unlikely.

        ...Says the dude on the internet that apparently didn't read the note above the "Allow" button when he signed up for Farmville.

        • by swillden (191260)

          I feel funny defending Facebook, but unless they're blatantly violating their own published privacy policy, they don't sell personally-identifiable information to others. While it's possible they're intentionally violating their policy, I think that's unlikely.

          ...Says the dude on the internet that apparently didn't read the note above the "Allow" button when he signed up for Farmville.

          Actually, I never signed up for Farmville... and I don't even use Facebook any more :)

          But, yes, if you explicitly give them permission to share your info then they have your permission.

      • Yes, they don't SELL pii to others.

        They only RENT it.

  • by I'm New Around Here (1154723) on Saturday June 22, 2013 @09:36AM (#44078059)

    I don't act smug and superior when I tell people I don't have a Facebook page.

    But I think I should start.

    • by l3v1 (787564)
      You're not "smug and superior". You're full of ... reason.
      • You're not "smug and superior". You're full of ... reason.

        It's not an either/or situation - they make a great combo.

    • by Anonymous Coward

      I don't act smug and superior when I tell people I don't have a Facebook page.

      But I think I should start.

      You say you don't act smug and superior, but it is very interesting how much people on Slashdot feel the need to brag about not using Facebook.

    • I don't understand what acting smug and superior in saying you don't use Facebook will accomplish. I'm not saying it is a bad idea, I just want to know your reasoning before forming an opinion of your opinion.
      • by Anonymous Coward
        I used to use Facebook on perhaps a weekly basis. But, you soon find that the people who you typically "friend" - your family and people you know - just send around idiotic conspiracy theories, pass on bogus "tell all your friends about this" spam, lame ass religious notes, scans of old pictures from the 1970's, etc. Oh, and they sometimes yell at you for no good reason too. I'm glad I left and went to Google+ where you typically don't follow people you know IRL as much and, instead, engage with interesting
    • also it kind of tends to break a lot

    • by Anonymous Coward

      You're right, and I'm also tired of political correctness and respectful behavior at all costs. The crude truth is that those who don't use facebook are actually superior. Period.

      If a person tells the world real name, friends, photos, what he/she does at any moment of the day and many other personal details that not even a spy agency would have, he/she is simply a dumbass. OBJECTION: how is it possible that there are more than 1 billion dumbasses in the world? Sorry, it IS possible. Not nice to say it, but it

      • OBJECTION: how is it possible that there are more than 1 billion dumbasses in the world? Sorry, it IS possible.

        This same set of fuckwits are also the ones complaining about the NSA shit. Now, the NSA by many accounts is up to some fucked up stuff, but for one to complain about being spied on while at the same time posting every boring detail of their life on facebook is the true mark of a mouth breather.

    • Don't worry. Facebook will make a page for you.
    • by MogNuts (97512)

      Ha you should. I held out too all these years. Long story though, but I finally might be forced to use it. :(

      On that note, because I don't want to give facebook that data to begin with and have it act as malware and scrape all my email accounts and browsing history (even if I'm logged out), I was thinking of the following. Let me know what you think Slashdotters:

      1) Does running FB as a different user on the same machine (but obviously then running the same browser executable) preclude FB from getting the ot

      • I used facebook for a while. I had to unfriend my grand-daughter because her teen chatter offended me, and I didn't want her to offend my other "friends" as well. I started to feel a loss of control when I realized the bizarre things that can happen when you introduce all the people you have ever known to each other. But the real reason I detached from FB was that I started to see the connections growing between them and the rest of the world. Every time I turn around on the Internet, some piece of softwar
        • Then I started noticing web sites where you couldn't participate if you were unwilling to provide your FB credentials. There are a lot of news sites like that. When you want to comment on an article, up comes that FB login dialog.

          In terms of growing risks, the more systems that are closely bound to FB, the bigger the disaster when something goes wrong.

          Hello,

          Original poster here, just wondered about something, if you don't mind. What browser do you use online? I use Firefox, with a few add-ons installed. One of them is called NoScript, and it disables all the automatic links you mention on websites. You can choose to enable individual scripts, either permanently or just for that visit. You would be amazed at the number of scripts running on various websites.

          For example, I just opened another tab and visited a news story at NY Times to check. When I moved

  • It would be interesting to see their test cases. This seems like their test cases weren't very well thought out. Or the more cynical view is testing takes time and money to pay people to do the testing. It's cheaper to just deploy the application.
    • Re:Testing (Score:5, Insightful)

      by ebno-10db (1459097) on Saturday June 22, 2013 @10:04AM (#44078171)

      Test cases? We're talking about Facebook - the company that often tests software by just going live with it. Some people call this rapid development, but I call it sloppy garbage.

      • You call it sloppy garbage. The all knowing market with its invisible hand thinks it is worth a few billion dollars.
      • by Pieroxy (222434)

        If you think you can keep something of the magnitude of facebook up 24/7 with no test cases you've not been in software development very long.

        • FB is not up 24/7. It sometimes goes down for hours at a time (second hand info as I don't use it myself).

          Furthermore, and rather obviously if you understand that not every passing snark is meant to be completely literal, my point was that they don't do very thorough testing before going live. I have no idea why anyone would be impressed by most of FB's "technology". They're hardly so bleeding edge that they can be forgiven such flakiness as an inevitable part of new technology. As a contrasting example, fi

    • They use PHP for fucks sake.

  • The ad that came up on this slashdot page was:

    How long will you live? The Cookie will tell you!
    Subscription $10/Mt

    At first I thought it was a sarcastic commentary about Facebook browser cookies having more information about you than they should, and having to pay to get the information out of them. Or perhaps the existence of Facebook cookies in your browser telling advertisers something about your intelligence, like users of IE versus Chrome. Then I noticed the fortune cookie drawing next to it. And I thought captchas were nearing sentience when they began to exhibit a sens

  • by FuzzNugget (2840687) on Saturday June 22, 2013 @10:08AM (#44078193)
    It's just called "Facebook"
  • by Secret Agent Man (915574) on Saturday June 22, 2013 @10:11AM (#44078201) Homepage

    Is there any sort of punishment available for this? When a company hoards massive amounts of data, and it gets leaked, does anything happen other than "sorry, guess we goofed"?

    This is one of the many reasons I don't like companies (or the government) sitting on so much data like this: If they have it, someone else will get it.

    • by thegarbz (1787294)

      The problem with criminal liability for software bugs is that there wouldn't be any software if the risk of punishment was high. Making a perfectly bug free system is incredibly difficult, even more so if the bugs can be due to someone else's software (like MySQL or something similar, or the OS).

  • Facebook code is rewritten every Tuesday. On Wednesday expect things to be FUBAR and forget weekends when use is even higher. Anyone with an account must accept the fact they are in no way safe, secure or private in any way no matter how diligent one is in trying to keep up with the ever changing settings and reverts to default.
  • by Anonymous Coward

    What sort of moron gives their phone no. to facebook?

  • I didn't give it to them. Neither are mentioned in any posts.

    I don't want to display that and wish to delete. Does Google+ do that? I suspect they can, but may not.

  • I don't have any friends! :-P

  • If people really cared about their privacy, they would leave in droves. If people really cared about their privacy, people would lynch the NSA, TSA and other agencies raping their privacy. If people really cared they would see that ALL political people would have it high on their agenda and follow through on it.

    Unfortunately, people do not care. They are willingly giving up their privacy. They think it is nice to watch other people's lives on TV with 'reality shows' and they are willing to do almost anything fo

    • The trick is that the datamining and stuff happens behind the scenes, and thus people do not sense their privacy being compromised. When people get to choose what they upload to the site, and they can set in the preferences which users can see the material, they feel that they are in control well enough and feel protected enough to keep using the site. They never receive the report stating where their data was sent to (with unlimited access to it), what kind of complex advertising profiles were created base

  • by AnotherAnonymousUser (972204) on Saturday June 22, 2013 @11:24AM (#44078527)
    You have to admit, for all the Facebook bashing that happens, the fact that hacks, break-ins, and bugs of this nature are so uncommon, given that they're dynamically managing a userbase of a billion people, is an impressive task.

    When break ins or bugs do occur, they happen in a very big and very bad way, as a single bug affects millions, and there's a lot of people I wouldn't want seeing my personal data. Most of us here seem to take the stance of locking down our Facebooks, keeping what's posted at a minimum, and generally keeping it at a distance with a ten foot pole, but there's admittedly very little respect for Facebook managing to be more or less secure from a technical standpoint. Now, their change deployment policy is god awful, but that's a different piece altogether...
    • You have to admit, for all the Facebook bashing that happens, the fact that hacks, break-ins, and bugs of this nature are so uncommon, given that they're dynamically managing a userbase of a billion people, is an impressive task.

      I have to admit no such thing. First, there are a billion accounts, not a billion users (many users have multiple accounts), and many accounts are largely dormant. FB loves to hype their numbers. Second, there are hundreds of millions of bank accounts in the world, many of them now accessible online. Financial networks have been around since the 60's and have gotten much more sophisticated. While not perfect, they're incredibly more reliable than FB, otherwise we'd all be keeping money in mattresses. People

    • by Pieroxy (222434)

      Wait what? Do you think Facebook communicates on all break-ins and hacks that happen? That's assuming they discover them all which is pretty unlikely IMO.

      No, what we see in the news (such as today's news) is just the tip of the iceberg. How deep does the iceberg really go, nobody will ever know. Look at Stuxnet!

  • It's never advertiser's emails and contracts and deals that get exposed, although one can assume these things are held electronically and have a great deal of value to someone, certainly more value than the 0.25 -$1.00 lifetime value Average FB User's email is worth.

    Not saying companies deliberately release their users emails so that when that information later figures as evidence in a crime / scam / scandal FB has plausible deniability.

    get everyone's email and personal info.
    pretend to "lose" some.
    ???
    pr

  • Facebook design exposed 1 billion users. And Facebook home country exposed 6 billion users. When you put things in perspective nothing really matters anymore.
