Data of 6M Facebook Users Exposed
Facebook is being criticized again. This time attention has been drawn to a security bug that exposed users' personal information, to the matching of data between users, and to alleged collaboration with the government.
The source of the bug that caused the data leak is the Download Your Information (DYI) tool. Although Facebook now claims that the problem is solved, six million users have already involuntarily shared their email addresses and phone numbers.
The bug was reported to the security site Packet Storm by an unknown researcher. The site then contacted Facebook, which was forced to shut down the DYI service for a day to fix the problem before turning it back on.
The DYI tool is used to download previously uploaded contacts as an archive file to the user's device. Because of the malfunction, the file named addressbook[.]html contained not only the contacts you uploaded but also contact information from other users. The condition for this to happen is simple: you had to have uploaded a phone number or email address identical to one uploaded by another user.
Packet Storm made a public announcement about the situation. They claimed that a single public email address shared by a user could have been the cause of losing a large amount of other contact information. Moreover, the data that was lost could have belonged to people who were not even part of the Facebook community.
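The leak condition described above, and Packet Storm's point that one shared address can pull in much more, can be reproduced with a small model. This is an added example, not Facebook's code: the user names, contact values and function names are constructed, and the merge-by-shared-identifier logic (including merging through a chain of uploads) is an assumption about how such matching behaves.

```python
# Constructed model of the flaw described above; not Facebook's code.
from collections import defaultdict

# (uploader, contact fields) -- constructed sample uploads
UPLOADS = [
    ("alice", {"email": "bob@example.com"}),
    ("carol", {"email": "bob@example.com", "phone": "+1-555-0100"}),
    ("dave",  {"phone": "+1-555-0100", "email": "bob.work@example.org"}),
    ("erin",  {"email": "zed@example.net", "phone": "+1-555-0199"}),
]

def build_entities(uploads):
    """Merge uploaded records sharing any email or phone (union-find)."""
    parent = list(range(len(uploads)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i
    seen = {}  # identifier value -> first record index that carried it
    for i, (_, fields) in enumerate(uploads):
        for value in fields.values():
            if value in seen:
                parent[find(i)] = find(seen[value])
            else:
                seen[value] = i
    groups = defaultdict(list)
    for i in range(len(uploads)):
        groups[find(i)].append(i)
    return groups, find

def export_vulnerable(user, uploads):
    """Flawed export: every value of any merged entity the user touched."""
    groups, find = build_entities(uploads)
    out = set()
    for i, (owner, _) in enumerate(uploads):
        if owner == user:
            for j in groups[find(i)]:
                out.update(uploads[j][1].values())
    return out

def export_scoped(user, uploads):
    """Fixed export: only values this user uploaded; matching stays internal."""
    return {v for owner, f in uploads if owner == user for v in f.values()}

def leaked(user, uploads):
    """Values the flawed export discloses beyond the user's own uploads."""
    return export_vulnerable(user, uploads) - export_scoped(user, uploads)
```

Here alice uploaded a single email address, yet the flawed export also hands her a phone number and a second email address that only carol and dave uploaded; the scoped export returns exactly what she supplied.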
Not surprisingly, Facebook tried to play down the effects of this bug. In a public statement, they said “The practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another.” Furthermore, they said that no complaints had been submitted to the company regarding this issue. They did, however, admit that this situation is an embarrassment for an organization of this stature.
To combat this kind of problem, Facebook created the White Hat Program. Its principles are simple: every security researcher who finds a bug and agrees to Facebook's conditions is rewarded with at least $500.
The security bug is not the only issue Facebook currently faces. The correlation of data between users is also being criticized, although the social site claims that this is done only to make friend recommendations.
Another uncomfortable topic for Facebook and other giants such as Google, Microsoft and Apple is the PRISM program. Launched in 2007 by the NSA, its objective is to maintain security by implementing electronic surveillance. Although Facebook and other companies denied that the NSA or other organizations have any access to their databases or infrastructure, they were accused of collaborating with the government and sharing their users' personal information.
Packet Storm revealed some interesting aspects of Facebook's policy. They say that Facebook considers users’ contact information to be the users’ data, and as a result it can be manipulated in any way they want, even when it contains personally identifiable information.
According to Packet Storm, it is completely normal for users to want extra safety guaranteed for their personal data. They said “For one, a contact list may be my friend’s list, but the data is mine. When Facebook stores a credit card number for me, I’m certain they understand very clearly that it is my data and they are a custodian of my data.” Unfortunately, a contact list still remains a piece of data to which some security ethics are not applied, and that’s why our information often ends up with third parties.