If it wasn’t bad enough that the federal government has access to all your private information on the Internet, your friends may actually have access as well. Today, Facebook issued a major privacy mea culpa, admitting that private phone numbers and email addresses for 6 million of its users were inadvertently exposed.
A little-used feature on Facebook called Download Your Information (DYI) allows you to own an archival copy of all your activity on the site, including contact information for your friends. The DYI tool isn’t supposed to offer up phone numbers and email addresses that were set to private, but it appears a bug in the system did exactly that.
If there’s any consolation in the leak, it’s that this personal information was likely buried deep inside the voluminous mass of data in each DYI report, unread unless someone was specifically looking for that information. Since very few DYI reports were requested, it’s unlikely that anyone will see your contact information, even if it was accidentally downloaded by one of your Facebook friends.
According to the site's security department, “approximately 6 million Facebook users had email addresses or telephone numbers shared. There were other email addresses or telephone numbers included in the downloads, but they were not connected to any Facebook users or even names of individuals. For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person.”
Facebook says that it has no evidence of any private information being used for nefarious purposes, and that it has taken steps to prevent anyone else’s contact info from being similarly leaked in the future. Still, the misstep just goes to prove how cautious you should be about sharing information on the Internet, even with a company like Facebook that promises to keep certain data private. No company’s digital security is foolproof, and the only way to guarantee your privacy is to delete your Facebook account altogether.
If your account is one of the 6 million affected, you should shortly receive an email from Facebook notifying you of the fact. In the meantime, you may want to revisit your Facebook privacy settings to confirm your personal information isn’t set to be publicly available on the site.