Saturday, June 22, 2013

Here's The Security Breach Email Facebook Is Sending To 6M Users




TechCrunch






Facebook has started sending warning emails to users whose personal information was compromised by the security bug it confirmed yesterday, and the emails state which pieces of data were exposed. The bug exposed some six million Facebook users’ email addresses and telephone numbers to other site users because Facebook had “inadvertently stored [it] in association with people’s contact information as part of their account on Facebook”.


Facebook says it uses this data so it can generate friend request recommendations. The bug had been live since last year, before being brought to Facebook’s attention last week. Its security team then fixed it within 24 hours of it being flagged, according to the social network.


The notification email — we’re embedding a copy of an email sent to one Facebook user below — echoes what Facebook’s security team said in a blog post about the data breach yesterday. It explains the scope of the bug and goes into the same level of technical detail as to how it happened. It also confirms which specific piece (or pieces) of personal data were exposed for that particular user.


In the email below, two pieces of data have been compromised (a phone number and an email address). In another sample letter sent to TechCrunch by a tipster, the user has had six pieces of data compromised (one phone number and five email addresses).


Another tipster told TechCrunch she had one email address compromised, but noted she cannot figure out how Facebook even obtained it: the address appears to be for a former workplace, is no longer valid and was never directly associated by her with her account. That suggests Facebook is automatically harvesting contact data from other Facebook users and associating it with other accounts.


That sort of action, while creepy, would certainly help Facebook expand its network of contact information so it can generate new friend recommendations. We’re reaching out to Facebook to confirm how it gathers this data and will update this story with any response.


All three emails seen by TechCrunch state that the data was “inadvertently access by at most 1 Facebook user”.












