Bug in Facebook DYI tool fixed after data of 6M users exposed


Facebook has addressed a weakness in its "Download Your Information" (DYI) tool, which exposed the contact information of around six million of its users.

The social networking site's security team notified users about the glitch via a blog post Friday, saying that users may have inadvertently had their email addresses and phone numbers shared with other users who had some connection with them.

The DYI tool is meant to help users access information stored in their profile and locate people on Facebook who they may know.

“Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people's contact information as part of their account on Facebook,” the company wrote.

Users who downloaded an archive of their Facebook account through the DYI tool may consequently have saved additional contact information (email addresses and phone numbers) that they wouldn't otherwise have had access to, Facebook said.

The company was made aware of the security issue through its bug bounty program, in which researchers are paid for reporting vulnerabilities to the company. After the bug was reported last week, Facebook disabled the DYI tool and issued a fix the following day.

The site is in the midst of notifying impacted individuals via email.