Facebook to fix bug leaking users' phone numbers
Roughly 1/1000 users were affected by the mobile apps glitch
IDG News Service - Facebook is rolling out a patch to fix a rare bug in its API that had apparently been leaking users' phone numbers to app developers.
The glitch, which was first reported back in June 2012, was affecting the email field in some mobile apps accessing Facebook's API (application programming interface).
During the registration process, users would give the developer permission to access their email address on file with Facebook. But instead of returning an email address, the app's email field was giving developers the user's phone number.
The bug had been occurring only once in every thousand cases, Facebook said. But with some larger app developers having multiple thousands of users, the incidence rate is significant.
One app developer affected by the glitch, however, reported a higher incidence rate. Nathan Cobb, research investigator with the American Legacy Foundation, an antismoking nonprofit, said their group's smoking cessation app, Ubiquitous, was giving them phone numbers for about one in every 200 users.
The Ubiquitous app is part of a study funded by the National Institutes of Health on health interventions through Facebook, and the bug was "making it impossible for us to follow up with users as part of the study," he said.
It is not clear whether any particular mobile operating system was more affected by the bug than another.
"We expect the issue to be resolved soon," spokeswoman Erin First said in an email Wednesday, with a notice on Facebook's developer page saying a fix would be pushed out.
Facebook said later that the bug does not breach its terms of service or users' privacy because the user is still implicitly giving the developer permission to access the phone number if that is the contact information the user has on file with Facebook.
Facebook already lets people search for users on the site by the contact information they have listed and set as public, which may include email addresses and phone numbers.
The bug had been left unpatched for almost nine months. Facebook did not immediately clarify whether it had any evidence of developers using the numbers to call users to promote their services.
Lately the social network has been forced to address other privacy concerns connected to Graph Search, its new social search engine currently in beta launch. The tool is designed to let users more easily find things on the site through their social connections, but some have questioned whether it reveals too much.
The site has sought to explain in recent weeks, for instance, why Graph Search does not compromise the privacy rights of minors.