Android Phone Numbers Leaked By Facebook App - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile

Android Phone Numbers Leaked By Facebook App

Symantec spots privacy leak and Facebook issues patch, saying it was an inadvertent coding error and phone numbers did not go public.

That Android beta was the first beta build released by Facebook as part of its expanded beta testing program. Previously, new versions of the Android app were tested by about 1,000 Facebook employees. But owing to Android fragmentation, the company has opened up the program to anyone who wants to join the Facebook for Beta Testers group. Facebook said it's hoping to release the updated Android app -- with the privacy-leak patch -- to Google Play for general downloading on July 8.

The Android bug wasn't the only recent privacy snafu involving Facebook. Last month, the social network reported that it had fixed a bug on its servers -- reported via its Facebook White Hat bug bounty program -- that was inadvertently storing email addresses and telephone numbers for 6 million users.

"Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people's contact information as part of their account on Facebook," said a Facebook security advisory. "As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool."

Facebook said that when it learned of the bug, it immediately deactivated the DYI tool, fixed the code involved, and had the DYI tool working again the following day. It said it's been notifying regulators in the United States, Canada and Europe, as well as affected users.

"We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing," according to the Facebook statement.

The company apologized for the bug. "Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again," it said. "Your trust is the most important asset we have."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Majo
50%
50%
Majo,
User Rank: Apprentice
7/3/2013 | 6:15:54 PM
re: Android Phone Numbers Leaked By Facebook App
The bug would be a jackpot for security surveillance linking phones and Facebook accounts. Pay-per-use phones can be linked to Facebook users, and 'temporary' Facebook accounts to phone accounts. Sweet.
Commentary
Enterprise Guide to Digital Transformation
Cathleen Gagne, Managing Editor, InformationWeek,  8/13/2019
Slideshows
IT Careers: How to Get a Job as a Site Reliability Engineer
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/31/2019
Commentary
AI Ethics Guidelines Every CIO Should Read
Guest Commentary, Guest Commentary,  8/7/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Slideshows
Flash Poll