Facebook says it is “embarrassed” after a system bug accidentally gives out contact information for millions of its users.
Six million Facebook users have had their contact information inadvertently exposed because of a bug in the site.
The social media giant admitted that each piece of information – such as an email address or phone number – had been given out “once or twice” and said it was “upset and embarrassed” by the mistake.
Facebook said the bug was connected to a technical mix-up between its Download Your Information (DYI) tool, which lets users get an archive of their timeline activity, and the feature which recommends who to add as a friend.
People using the tool were also unexpectedly getting extra contact information for friends of friends, or extra contact information for their existing Facebook friends.
The site tried to reassure users in a blog post and said there was no evidence yet that the bug had been maliciously exploited.
“For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice,” said the blog.
“This means, in almost all cases, an email address or telephone number was only exposed to one person.
“Additionally, no other types of personal or financial information were included and only people on Facebook – not developers or advertisers – have access to the DYI tool.”
The problem has now been fixed but the company said it had already notified privacy regulators in the US, Canada and Europe, and was in the process of notifying affected users.