Information Security News
mailing list archives
Firm: Facebook 'bug' worse than reported; non-users also affected
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 27 Jun 2013 05:44:50 +0000 (UTC)
By Violet Blue
June 26, 2013
The security researchers who found Facebook's shadow profiles
vulnerability have compared their numbers to what Facebook told its users
in emails, and the numbers don't match.
They say Facebook told users the data exposure is much less than what the
researchers found, and the researchers also say Facebook is hoarding
non-user contact information — seen when it was also shared and exposed in
Friday Facebook announced the fix of a bug it said inadvertently exposed
the private information of over six million users when Facebook's
previously unknown shadow profiles accidentally merged with user accounts
in data history record requests.
Since at least 2012, Facebook users who used the Download Your Information
(DYI) tool to get their data history record also got an address book with
contacts users had never provided to Facebook.
Visit the new and improved InfoSec News website
- Firm: Facebook 'bug' worse than reported; non-users also affected InfoSec News (Jun 27)