Facebook, one of whose core principles is “Move fast and break things,” appears to have done just that with the contact information of some six million users.
The social network admitted that a complex bug involving the way it stores user phone numbers and email addresses of its users may have “inadvertently” exposed that information to other users.
Facebook used this information to make friend recommendations and to make other recommendations smarter. For instance, it would match email and phone data to make sure it didn’t prompt you to invite someone to Facebook if they were already on the service; instead, it would prompt you to add such a person as a friend.
Unfortunately, a bug in Facebook’s software stashed some of that phone and email data in other users’ profiles. Those who downloaded their profiles may have thus also saved off contact information they otherwise wouldn’t have had.
Here’s how Facebook describes the bug:
Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection.
[…]We’ve concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared.
Oops.