SHARING AMERICA'S TECH NEWS FROM THE VALLEY TO THE ALLEY
Facebook has started sending out warning emails to users whose personal information has been compromised by the security bug uncovered yesterday. The bug exposed some six million Facebook users’ email addresses and telephone numbers to other site users because Facebook had “inadvertently stored [it] in association with people’s contact information as part of their account on Facebook”.
Facebook says it uses this data so it can generate friend request recommendations.
The warning email — we’re embedding a copy of a email sent to one Facebook user below — echoes what Facebook’s security team said in a blog post about the data breach yesterday. It explains the scope of the bug and goes into the same level of technical detail as to how it happened.
It also confirms which piece (or pieces) of personal data were exposed for that particular user.
In the below email, two pieces of data have been compromised (a phone number and an email address). In another sample letter sent to TechCrunch by a tipster the user has had six pieces of data compromised (one phone number and five email addresses).
Another tipster told TechCrunch she had one email address compromised but noted she cannot figure out how the email was even obtained by Facebook as it appears to be for a former work place, is no longer valid and was never directly associated by her with her account — suggesting Facebook is automatically harvesting contact data from other Facebook users and associating it with other accounts.
That sort of action, while creepy, would certainly help Facebook expand its network of contact information so it can generate new friend recommendations. We’re reaching out to Facebook to confirm how it gathers this data and will update this story with any response.
All three emails seen by TechCrunch state that the data was “inadvertently access by at most 1 Facebook user”.
Thank you, TiA