Sunday, June 23, 2013

Facebook security breach: year-long expose of user data, phone numbers


Posted by Jake Robison on Jun 22, 2013


Facebook says a security breach caused it to inadvertently reveal the personal data of six million users including their phone numbers for the past year. It’s mystifying to explain how an entity as large and far reaching as Facebook could go a year without catching such a glaring breach, particularly seeing how I spotted it from nearly day one. Except I mistakenly thought the bug was a feature.

I am one of the six million users whose phone number showed up on my Facebook profile, even to those who weren’t my friends, beginning last year. Once I spotted it, I assumed Facebook had changed its policy such that phone numbers were reassigned to the portion of a user’s personal data which is publicly available even to those who aren’t authorized as friends. Miffed that it would do so without my approval or even so much as notifying me, I removed my phone number from my Facebook profile entirely. Problem solved. It has been on there since 2007, and I’d never once gotten a phone call from a Facebook friend whom I didn’t want to hear from. But if Facebook was exposing my phone number to the world, including to telemarketers, then it didn’t get to have my phone number at all.

Shame on me for assuming that the security breach was intentional. I should have brought it to Facebook’s attention on the chance that it was in fact a bug and not an intentional policy shift. But with Facebook so often having been cavalier about the personal data of its users over the years, it never occurred to me that it this was anything other than another unwanted user data policy change.


,

No comments: