A Facebook security bug that has been in existence since last year was discovered this week, but only after the contact information of six million users had been exposed.
Facebook acknowledged the bug’s existence in a blog post on Friday, saying the error has existed on its servers since last year and has so far affected six million accounts, reports TechCrunch.
The bug, found by independent researchers through the company’s White Hat program, exposes the personal contact information of certain accounts. According to the report, email addresses and phone numbers could be viewed by people who “had some contact information about that person or some connection to them.”
According to the company, the bug relates to the social network’s friend discovery process.
“When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. For example, we don’t want to recommend that people invite contacts to join Facebook if those contacts are already on Facebook; instead, we want to recommend that they invite those contacts to be their friends on Facebook.”
The bug caused some of the data used to connect with friends to be stored alongside a person’s contact information. By using the Download Your Information tool, people were granted access to a user’s private email addresses and phone numbers that would otherwise be hidden.
The DYI tool has since been deactivated as Facebook flushes the bug from its system.