Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Experts: Facebook Security Leak More Extensive than Site Is Admitting

by Fox Van Allen on June 27, 2013

Computer SecurityLast week, Facebook apologized for leaking contact information for an estimated 6 million users of the world’s largest social network. But according to computer security experts, the site may be drastically underestimating the extent to which personal data was leaked, suggesting the number of Americans affected is indeed far higher. Further, many will never even know their data was compromised.

The culprit behind the privacy blunder is Facebook’s rarely used Download Your Information (DYI) tool, which allows you to make a hard copy of your social networking history. A bug in Facebook’s database inadvertently included some data in DYI reports that was supposed to be private, however – mainly phone numbers and email addresses of third parties that the site never had permission to share.

When someone gives the Facebook mobile app permission to look through their phone’s address book, the social network saves all the information contained within to its servers. This means that even if you don’t have an account on Facebook, the site is still be maintaining a rich database of information on you including your phone number, email address, place of work, birthday and other personal data that might be in an acquaintance’s personal address book.

Facebook sent out email notifications to the 6 million users it stated were affected, but according to noted computer security blog Packet Storm, the company is drastically underestimating the extent to which personal information was leaked. Packet Storm’s own independent analysis showed that “in one case, (Facebook) stated 1 additional email address was disclosed, though 4 pieces of data were actually disclosed. For another individual, they only told him about 3 out of 7 pieces of data disclosed.”

Perhaps even more upsetting is the fact that people who were not on Facebook also had their private information leaked, and the site is making no effort to contact or notify them. It is Facebook’s official policy that your personal data doesn’t belong to you so long as another user uploaded it. It’s a chilling reminder that, in 2013, the only way to make sure your personal information stays private may be to make sure you literally share it with no one.


Topics

Computers and Software, News, Internet & Networking, Blog, Facebook, Privacy, Social Networking


Discussion loading

gravatar

From Steveon Williams on June 29, 2013 :: 2:31 pm


Eventually, the world will come to the understanding that there is no true privacy by definition of the word.

But, it is nice to imagine.

Reply

gravatar

From Martin R on July 01, 2013 :: 4:55 am


“But according to computer security experts, the site may be drastically underestimating the extent to which personal data was leaked, suggesting the number of Americans affected is indeed far higher.”

I’m not American. I must be ok then.

Reply

gravatar

From Mahesh Babu on May 24, 2021 :: 10:41 pm


My account was hacked please recovery my Facebook account

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.