Facebook fixes buggy DYI tool after 6M users exposed

By
Follow google news

Bug bounty program pays off.

Facebook has addressed a weakness in its Download Your Information (DYI) tool which exposed the contact information of around six million of its users.

Facebook fixes buggy DYI tool after 6M users exposed

The social networking site's security team notified users that they may have had their email addresses and phone numbers shared with other users linked to them.

The DYI tool is meant to help users access information stored in their profile and locate people on Facebook who they may know.

“Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people's contact information as part of their account on Facebook,” the company wrote.

Users that downloaded an archive of their Facebook account through the DYI tool may have consequently saved additional information of contacts (email addresses and phone numbers) they wouldn't otherwise have had access to, Facebook said.

It was made aware of the security issue through its bug bounty program, where researchers are paid for reporting vulnerabilities to the company. After the bug was reported last week, Facebook disabled the DYI tool and issued a fix the following day.

The site is in the midst of notifying impacted individuals via email.

This article originally appeared at scmagazineus.com

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Bendigo Bank aims to have Australia's "first agentic SOC"

Bendigo Bank aims to have Australia's "first agentic SOC"

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

Log In

  |  Forgot your password?