Skip to main content

Internet rages against Facebook security scare and concerns over ‘Shadow Profiles’ return

facebook-dislike-button-blueA single, highly understanding individual may commend Facebook for bravely owning up to the recent mistake of unwittingly sharing users’ phone numbers and email addresses without permission. But the Web has bred a wild mob of infuriated Facebook users demanding to know which of their contacts have been given access to their personal information over the course of the last year.

That’s right – according to Reuters, what Facebook was apologizing for last Friday was a security bug that has been active since 2012, when it first experienced a “technical glitch” stemming from its user information repository sourced from 1.1 billion Facebook users all over the world. The bug unintentionally merged hidden user details with their public profiles and offered it up to anyone who would like to download an archive of their account via the Download Your Information (DYI) tool. And now the privacy scare has brought back discussion over Facebook’s use of Shadow Profiles.

Facebook and its creation of Shadow Profiles isn’t completely a new notion, and this time they have a legitimate excuse: The apology post stated that whatever additional information they collate, they use “to make friend recommendations and reduce the number of invitations [Facebook sends].”

A year is already a long period on its own, even longer considering how fast-paced the Internet is – a bug left unaddressed for that long is indeed damaging to Facebook’s steadfastly growing population of 1.11 billion monthly active users as of March 2013, especially to those who are extra careful when it comes to sharing personal details online. And that’s not the only thing that’s delayed – apparently Facebook has known about the bug for a week and got rid of it within a day, but has delayed the release of the announcement because of company procedures mandating the social media site to notify regulators and the 6 million affected users prior to publicity.

Of course the Web is teeming with disappointed and disgruntled Facebook users and have taken to sites like Hacker News as well as Facebook’s own Security page to voice their complaints, the latter sporting over a thousand comments and more than a thousand shares as of this writing, most of them lambasting the social network. One Facebook user’s comment even claims a more serious matter:

I’m very concerned about the information Facebook has said was [accessible] to the public. Facebook said it was my phone number and email address, but what they showed me was credit card numbers! That is much more serious and I have no way to [contact] Facebook to see if the whole CC #’s were shown or only the last 4 #’s of each card. Can anyone at Facebook let me know? It is very important for me.

In relation to this issue, ZDNet has received a response from Facebook Policy Communications, one that suggests “collection, storage and shadow profiling of contact data is the sole fault of users who failed to read (or remember) the Facebook policies they agreed to when they were getting started on Facebook,” and that this page vaguely describing the company’s data collection procedures for users’ contacts is enough of a heads up. What the page doesn’t explicitly mention is that the same data gathering could be employed on users themselves, not just their friends. According to a Facebook spokesperson, data about a user is retrieved through that user’s friends who voluntarily provide information. The representative also said that it would take “precise and coincidental timing” for a person to maliciously obtain a target user’s data (both public and hidden) through the DYI tool. 

Based on the continued angst expressed on the comment section of Facebook’s post, no information has been released regarding who exactly had access to the shadow data of users with compromised accounts.

Editors' Recommendations

Jam Kotenko
Former Digital Trends Contributor
When she's not busy watching movies and TV shows or traveling to new places, Jam is probably on Facebook. Or Twitter. Or…
The FTC will hit Facebook with a $5 billion fine over privacy violations
Mark Zuckerberg as he testified before Congress in April 2018.

Facebook has agreed to a $5 billion settlement with the Federal Trade Commission (FTC) over its numerous “privacy missteps,” according to a new report.

The three Republican FTC commissioners voted  to approve the massive settlement, while the two Democratic commissioners objected, according to the Wall Street Journal, which first reported the agreement on Friday.

Read more
X seems to have deleted years of old Twitter images
The new X sign replacing the Twitter logo on the company's headquarters in San Francisco.

The social media platform formerly known as Twitter and recently rebranded as X appears to be having trouble showing images posted on the site between 2011 and 2014.

The issue came to widespread attention on Saturday when X user Tom Coates noted how the famous selfie posted by Ellen DeGeneres at the Oscars in 2014, which quickly broke the “most retweets” record, was no longer displaying. Later reports suggested the image had been restored, though, at the time of writing, we’re not seeing it.

Read more
X says it’s squashing the bug that deleted Twitter images and links
The new X sign replacing the Twitter logo on the company's headquarters in San Francisco.

X, formerly known as Twitter, says it’s working to restore potentially millions of images and links that suddenly and rather mysteriously disappeared from the platform in recent days.

“Over the weekend we had a bug that prevented us from displaying images from before 2014,” the company said in a post on its Support account on Monday. “No images or data were lost. We fixed the bug, and the issue will be fully resolved in the coming days.”

Read more