Last Friday Facebook revealed that a “bug” leaked personal information, including email addresses and phone numbers, of six million users. The security breach sparked a discussion in the Internet community about what information Facebook has collected and what information it can collect.
The leak began in 2012 and exposed Facebook’s massive database of personal information collected from its 1.1 billion users, Reuters reported. Although the leak lasted a year, Facebook only noticed the breach in the middle of June of 2013, and has since declared the problem fixed.
Much of the information leaked was not intentionally provided to Facebook by its users. The bug accessed information collected in part by Facebook’s Find Friends feature, part of an application for mobile devices, according to Mashable. In a message provided by the mobile application, Facebook describes the function of the device: “Find Friends uploads contacts from your device and stores them on Facebook’s servers where they may be used to help others search for people or to generate friend suggestions for you and others.”
Through this application, Facebook gains access to the email addresses, cell phone numbers, personal websites and other contact information of the user’s friends and family members. Once Facebook collects the contact information, it creates what the internet community has dubbed “shadow profiles.”
Shadow profiles contain basic facts the user provides, such as name, hobbies and relationship status, combined with other information the user may not be aware Facebook has collected. That information can come from photos the user’s friends tagged him or her in, check-ins, posts mentioning the user’s name, Find Friends and other sources.
In a security memo released Friday afternoon, Facebook tried to downplay the data leak, saying, “we currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing.”
However, the leak has left users outraged, asking for what purpose Facebook compiles user data and what it does with the contact information of people who do not use the site. According to NBC News, Facebook denies multiple accusations that it creates shadow profiles for non-users, despite the fact that other social media sites, such as Klout, admit to compiling non-user data. Despite petitions and posts, Facebook has not addressed user concerns over data storage.
The Facebook user information leak follows on the heels of the National Security Agency’s data-mining campaign, which allowed the NSA to access information provided by Facebook, AOL, Skype and several other companies.