Facebook to fix bug leaking users' phone numbers
Roughly 1/1000 users were affected by the mobile apps glitch
IDG News Service - Facebook is rolling out a patch to fix a rare bug in its API that had apparently been leaking users' phone numbers to app developers.
The glitch, which was first reported back in June 2012, was affecting the email field in some mobile apps accessing Facebook's API (application programming interface).
During the registration process users would give the developer permission to access their email address on file with Facebook. But instead of returning an email address, the app's email field was giving developers the user's phone number instead.
The bug had been occurring only once in every thousand cases, Facebook said. But with some larger app developers having multiple thousands of users, the incidence rate is significant.
One app developer affected by the glitch, however, reported a higher incidence rate. Nathan Cobb, research investigator with the American Legacy Foundation, an antismoking nonprofit, said their group's smoking cessation app, Ubiquitous, was giving them phone numbers for about one in every 200 users.
The Ubiquitous app is part of a study funded by the National Institutes of Health on health interventions through Facebook, and the bug was "making it impossible for us to follow up with users as part of the study," he said.
It is not clear whether any particular mobile operating system was more affected by the bug than another.
"We expect the issue to be resolved soon," spokeswoman Erin First said in an email Wednesday, with a notice on Facebook's developer page saying a fix would be pushed out.
Facebook said later that the bug does not breach its terms of service or users' privacy because the user is still implicitly giving the developer permission to access the phone number if that is the contact information the user has on file with Facebook.
Facebook already lets people search for users on the site by the contact information they have listed and set as public, which may include email addresses and phone numbers.
The bug had been left unpatched for almost nine months. Facebook did not immediately clarify whether it had any evidence of developers using the numbers to call users to promote their services.
Lately the social network has been forced to address other privacy concerns connected to Graph Search, its new social search engine currently in beta launch. The tool is designed to let users more easily find things on the site through their social connections, but some have questioned whether it reveals too much.
The site has sought to explain in recent weeks, for instance, why Graph Search does not compromise the privacy rights of minors.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts