Facebook.com, the world's largest social networking website, has stumbled again with the privacy of its users. Facebook confirmed on Friday that a year-long data breach had allowed unauthorized persons to access the emails and telephone numbers of about 6 million members.
"... a bug that may have allowed some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them... When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations... Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts..."
Let me get this straight. A company that was founded upon the idea of connecting people had a bug in a core piece of software designed to help people accurately connect with others. And that bug allowed people to see and access the personal information of others that they should not have had access to. The announcement also said:
"We've concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared. There were other email addresses or telephone numbers included in the downloads, but they were not connected to any Facebook users or even names of individuals..."
The "other" reference tells me that the Facebook breach also disclosed information about non-members. How many were affected? Is the company also notifying those non-members?
Frictionless sharing? Definitely. You might say a frictionless breach, too.
[Update: ZDNet reported on June 26 that non-member information was leaked, too.]