Facebook inadvertently exposed personal contact information of 6 million users to other members of the social network, the company announced Friday.
In a blog post, Facebook explained that an error with a feature that lets users upload their address books to the social network showed the email addresses and telephone numbers of some users to other users whom they know but were not already privy to that contact information.
The users’ information was exposed because of a glitch with a contact-matching tool Facebook uses internally to generate friend recommendations. The company said that when some users downloaded their personal data such as videos, photos and address book to their computers, they also got contact information for friends that they should not have had access to.
“Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it’s still something we’re upset and embarrassed by, and we’ll work doubly hard to make sure nothing like this happens again,” Facebook said in a statement Friday.
Facebook said that most emails and phone numbers that were shared incorrectly were only exposed to one person. The company also said it has no evidence that the bug may have been exploited maliciously.
The company said it was notified of the glitch last week and immediately began to fix it by turning off the feature that lets users download their data. Facebook turned the feature back on the next day once it was certain the glitch was no longer exposing users’ information. The company said it informed regulators in Europe, Canada and the U.S., and notified users whose personal information was inadvertently shared.