Personal details of six million Facebook users have been exposed by a bug in the social networking site's data archive.
The affected users' email addresses and telephone numbers were accidentally shared with other users who would not otherwise have had access to the information … and were not authorised by the affected users to do so. The site said that there was no evidence so far that the exposed data was being used for fraudulent or otherwise malicious purposes, adding that it was "upset and embarrassed" about the incident.
The issue was caused by the way Facebook handles users' contact lists and address books. It said it normally analyses the names and contact details contained in those lists so that it can make friend recommendations. The bug caused some of the information generated in this way was stored alongside the uploaded lists and address books, meaning that when someone had downloaded their profile, it was accompanied by the additional data, exposing the contact details.
The site said that the bug had now been resolved, adding that the "practical impact" had been small because information was most likely to have been shared with people who already knew the affected users.
The alert came from a member of Facebook's 'White Hat' community … third-party programmers who check its code for vulnerabilities.