Facebook revealed late afternoon Friday that a security bug exposed email addresses and phone numbers for approximately 6 million users. In a blog post, Facebook stated that certain users downloading an archive of their Facebook account were provided with contact list information that shouldn’t have been shared.
The bug, which has since been disabled, was discovered by a third party due to Facebook’s “White Hat Program,” which offers a bounty to anybody that discovers a bug on the social media site. Facebook described the origins of the bug in a statement, though declined further comment:
“When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. For example, we don’t want to recommend that people invite contacts to join Facebook if those contacts are already on Facebook; instead, we want to recommend that they invite those contacts to be their friends on Facebook.”
Because that contact information got mixed up in storage, certain users downloading their Facebook accounts received more Friends List contact information than Facebook was supposed to provide.
The security and caretaking of Facebook user data has been a major point of emphasis for the social network, especially as it works with brands and businesses that use Facebook to reach out to consumers. For instance, the evolution of Facebook’s advertising ecosystem relies heavily on brands’ ability to leverage user data to target specific customer segments. Moreover, enterprise software providers like CRM giant Salesforce provide tools that allow businesses to match emails with Facebook accounts in order to send more precise messages.
The efficacy of these tools naturally revolves around consumers’ willingness to share their own information with Facebook. Maintaining trust between the social network and consumers is crucial—especially given the results of a 2012 survey from the Direct Marketing Association (DMA), in which 58% of respondents stated that trust is the most important factor when deciding whether or not to share personal information online. There is, however, increasing acceptance that personal information is merely a commodity: 35% of survey participants (and 40% of those aged 25-34) said they believe such data can be sold or handed over to companies in exchange for free services and other benefits.