Facebook Bug May Have Shared Your Contact Information


The word profile has changed its meaning over the years. At one point, a profile was just an outline of a person – a side view. Today, a profile can refer to dozens of things (Wikipedia has about 20 variations of what a profile is). One of the more common uses of the word today is to describe your online persona on a website, like Facebook.

Your Facebook profile says a lot about you, but most people don’t realize what is happening behind the curtain over at Facebook HQ. And if it were not for the recent press release from Facebook, people would still be in the dark. The announcement from Facebook makes the entire thing sound like no big deal. Even the title, Important Message from Facebook’s White Hat Program, makes the alert sound dull. Do non-tech people even know what white hat means? Probably not, but the tech community sure does.

Here’s what happened: there was a bug that shared contact information (emails and phone numbers) of users’ friends, even if they did not willingly allow sharing of such information. It works like this:

  1. You sign up for Facebook and want to allow it to search your contacts to see if your friends are on it.
  2. You share your friends’ information (emails and phone numbers) with Facebook, which says it keeps the data private and secure.
  3. Someone who has one of your friends in common does the same thing. However, when they upload the mutual friend’s data, it merges/shares the information. So while you were sharing your friend’s Gmail and home phone, your other friend shares their Yahoo, home phone, and mobile. Facebook now has multiple pieces of contact information for that one friend.
  4. In addition to all this happening, there was a bug that exposed this information to anyone knowledgeable enough to access it.
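The merge in step 3 and the exposure in step 4 can be modelled in a few lines. This is an added example, not Facebook's code: the `ContactStore` class, the names, and the sample addresses and numbers are all constructed, and the leaky export assumes that anyone who uploaded something about a person got the whole merged record back. The scoped export shows the fix in principle: track who supplied each value and return only that.

```python
from collections import defaultdict


class ContactStore:
    """Toy model of merged contact records (constructed, not Facebook's code)."""

    def __init__(self):
        # person -> contact value -> set of uploaders who supplied that value
        self._records = defaultdict(lambda: defaultdict(set))

    def upload(self, uploader, person, values):
        """Steps 2 and 3: every upload is merged into one record per person."""
        for value in values:
            self._records[person][value].add(uploader)

    def export_leaky(self, requester, person):
        """Step 4 (assumed shape): anyone who uploaded something about the
        person gets the whole merged record back."""
        record = self._records.get(person, {})
        if any(requester in uploaders for uploaders in record.values()):
            return set(record)
        return set()

    def export_scoped(self, requester, person):
        """Mitigation: return only the values this requester supplied."""
        record = self._records.get(person, {})
        return {v for v, uploaders in record.items() if requester in uploaders}


def build_example():
    """Constructed sample data mirroring step 3 of the list above."""
    store = ContactStore()
    store.upload("you", "friend", ["friend@gmail.example", "home:555-0100"])
    store.upload("other", "friend",
                 ["friend@yahoo.example", "home:555-0100", "mobile:555-0199"])
    return store


def leaked_to(store, requester, person):
    """Values the leaky export reveals that the requester never supplied."""
    return store.export_leaky(requester, person) - store.export_scoped(requester, person)


if __name__ == "__main__":
    s = build_example()
    print(sorted(leaked_to(s, "you", "friend")))
```

The friend in this model never uploaded anything, yet each uploader walks away with contact details that only the other uploader provided.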

The result of this bug is that people have access to your personal information even if you didn’t share it with Facebook. All it takes is a friend uploading your data. This is how Facebook describes the process:

We recently received a report to our White Hat program regarding a bug that may have allowed some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them.

This happened to over 6,000,000 users. It’s safe to say more than 6 million, because it is very unlikely that the figure is exactly right.

So that’s what really happened. The shadow left by your online profile is being tracked, shared, and observed, even if you don’t agree to it.