Skip to main content
  1. Home
  2. Social Media
  3. News

Facebook finally hides your phone number … after exposing it for nine months

By

facebook evilIf you’ve used Facebook on your mobile phone before, then you probably have also used at least one mobile app that requires access to your email address.  The only problem is, there’s a bug that causes Facebook to return your 10-digit phone number instead, and it took a solid nine months before the team finally decided to resolve the privacy breach.

A report of the phone number issue was brought to Facebook’s attention as early as June of last year and was posted on the developer site, where it was immediately confirmed as a bug.  According to the report, instead of receiving the expected properly formatted user’s email address via the graph API, at least one of a thousand queries return a 10-digit phone number.

Recommended Videos

Other app developers have actually experienced a higher frequency of this bug.  The American Legacy Foundation, the non-profit org behind Ubiquitous, reported that they were retrieving one phone number for every 200 queries.

Related

Though the bug is now completely patched, there really is no way to know if app developers who’ve encountered this bug in the past actually used the information exposure to their advantage by calling up users on their phones (or harvesting and selling that information to phone list services).  The fact that the social networking site twiddled its thumbs for nine months while this bug remained unresolved gives privacy die-hards more reason to believe that Facebook, rather than help you protect your personal information, is secretly selling it to the highest bidder.

facebook-graph-search
Image used with permission by copyright holder

Graph Search, Facebook’s latest feature that lets users search their friends’ data using simple, specific phrases (like ‘photos my friends took in New York City’), is apparently also a potential threat to users’ privacy.  Here’s to hoping that Facebook watches this new tool’s activity like a hawk before it gets out of control (like, before “frenemies” in your circle sift through your old posts using cleverly phrased queries and find out details about your life you thought were safely under the radar).

[UPDATE]

Looks like there’s more to this story that we didn’t know.  The report we read as basis for this article had some of the details wrong, so we’d like to apologize and issue this correction:

According to Fred Wolens, Facebook Policy Communications, any FB user could sign up to Facebook with either an email address or a phone number, and if that user decided to not give an email address, “in keeping with the users privacy we provided the phone number since this was the piece of registrant information used”. Also, users are given ample warning by applications before sharing personal information, and in the case of giving out a phone number, it may be called an email address (in the absence of one). The real bug is the mislabeling of the API call, calling a phone number an email address. It has been corrected.

Editors’ Recommendations

Topics
Jam Kotenko
Jam Kotenko
Former Digital Trends Contributor
When she's not busy watching movies and TV shows or traveling to new places, Jam is probably on Facebook. Or Twitter. Or…
How to deactivate your Instagram account (or delete it)
A person holding a phone with the Instagram app open on it.

Oh, social media. Sometimes it’s just too much, folks.

If you’re finding yourself in a position where shutting down your Instagram account for a period of time sounds good, the people at Meta have made it pretty simple to deactivate it. It’s also quite easy to completely delete your Instagram, although we wouldn’t recommend this latter option if you plan on returning to the platform at a later date.

Read more
Bluesky finally adds a feature many had been waiting for
A blue sky with clouds.

Bluesky has been making a lot of progress in recent months by simplifying the process to sign up while at the same time rolling out a steady stream of new features.

As part of those continuing efforts, the social media app has just announced that users can now send direct messages (DMs).

Read more
Incogni: Recover your privacy and remove personal information from the internet
Incogni remove your personal data from brokers and more

Everything you do while online is tracked digitally. Often connected to your email address or an issued IP, trackers can easily identify financial details, sensitive information like your social security number, demographics, contact details, like a phone number or address, and much more. In many ways, this information is tied to a digital profile and then collated, recorded, and shared via data brokers. There are many ways this information can be scooped up and just as many ways, this information can be shared and connected back to you and your family. The unfortunate reality is that, for most of us, we no longer have any true privacy.

The problem is exacerbated even more if you regularly use social media, share content or images online, or engage in discussions on places like Reddit or community boards. It's also scary to think about because even though we know this information is being collected, we don't necessarily know how much is available, who has it, or even what that digital profile looks like.

Read more