Facebook admits year-long data breach exposed 6 million users

SAN FRANCISCO Fri Jun 21, 2013 7:08pm EDT

An illustration picture shows a woman looking at the Facebook website on a computer in Munich February 2, 2012. REUTERS/Michael Dalder

An illustration picture shows a woman looking at the Facebook website on a computer in Munich February 2, 2012.

Credit: Reuters/Michael Dalder

Related Topics

SAN FRANCISCO (Reuters) - Facebook Inc has inadvertently exposed 6 million users' phone numbers and email addresses to unauthorized viewers over the past year, the world's largest social networking company disclosed late Friday.

Facebook blamed the data leaks, which began in 2012, on a technical glitch in its massive archive of contact information collected from its 1.1 billion users worldwide. As a result of the glitch, Facebook users who downloaded contact data for their list of friends obtained additional information that they were not supposed to have.

Facebook's security team was alerted to the bug last week and fixed it within 24 hours. But Facebook did not publicly acknowledge the bug until Friday afternoon, when it published an "important message" on its blog explaining the issue.

A Facebook spokesman said the delay was due to company procedure stipulating that regulators and affected users be notified before making a public announcement.

"We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing," Facebook said on its blog.

While the privacy breach was limited, "it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again," it added.

The breach follows recent disclosures that several consumer Internet companies turned over troves of user data to a large-scale electronic surveillance program run by U.S. intelligence.

The companies include Facebook, Google Inc, Microsoft Corp, Apple Inc and Yahoo Inc.

The companies, led by Facebook, successfully negotiated with the U.S. government last week to reveal the approximate number of user information requests that each company had received, including secret national security orders.

(Reporting by Gerry Shih; Editing by Richard Chang)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (8)
SeaWa wrote:
“it’s still something we’re upset and embarrassed by, and we’ll work doubly hard to make sure nothing like this happens again,”

I’m sick and tired of these private companies erroneously or intentionally releasing data on us, while at the same time citizens are prosecuted for ‘hacking’ or ‘copyright infringement’ anytime a company doesn’t like what we’ve collected or shared online!

I think Europe has it right with their actions against Google, (and hopefully others). Unfortunately, Google’s pockets have gotten so big that EU fines won’t make a difference. It’s time for the US to start legislating privacy the way the EU is trying.

Jun 21, 2013 8:33pm EDT  --  Report as abuse
1111who wrote:
…and people are worried about privacy because of the NSA, CIS, FBI? If you punlish anything on Facebook, Instagram, Google+, LinkedIn, yhadayada, you might as well cc: the Feds and every one else.

What fools we are.

Jun 21, 2013 8:41pm EDT  --  Report as abuse
CraigHerberg wrote:
Unfortunately, everything on FB already is — or is just a couple of mouse clicks away from being public domain. It’s certainly not a place I would keep confidential information. Craig Herberg

Jun 21, 2013 9:20pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.