Skip to main content

Researchers say Facebook security breach affected more users than the social network admits

facebook teen security headerWhen Facebook came clean about a recent security bug that caused the exposure of 6 million users’ personal information to their contacts, they softened the blow by saying that the effect of the bug was probably minimal, since the people who likely received their friends’ data could have already had access to the contact info in the first place. Facebook users were outraged nonetheless, and it turns out they had reason to be: According to Sophos, the Facebook info leak is actually much worse than we were told and that the researchers who initially discovered the existence of shadow profiles are saying that the numbers don’t match up.

Researchers at the company Packet Storm compared their prior test data that verified the leak to the amount of information Facebook claims it accidentally left out in the open, and found out the following:

Recommended Videos

In one case, they stated 1 additional email address was disclosed, though 4 pieces of data were actually disclosed. For another individual, they only told him about 3 out of 7 pieces of data disclosed. It would seem clear that they did not enumerate through the datasets to get an accurate total of the disclosure.

Facebook claimed that information went unreported because they could not confirm it belonged to a given user. Facebook used its own discretion when notifying users of what data was disclosed, but there was apparently no discretion used by the ‘bug’ when it compiled your data. It does not appear that they will take any extra steps at this point to explain the real magnitude of the exposure and we suspect the numbers are much higher.

According to the same report, Facebook was also effectively collecting non-user contact information, which was also exposed by the security bug. Facebook declined to comment when Packet Storm asked the company to produce a collective accounting of all the information affected by the mishap. When asked about the company’s efforts to inform non-Facebook users affected by the breach, Facebook simply said “[non-users] were not contacted and the information was not reported … if [Facebook] attempted to contact non-users, it would lead to more information disclosure.”

Facebook’s apology post owned up to the social network’s technical errors, but if this latest development is true, then it erases any applause the company earned for its apparent transparency.

Sophos suggests that while we all wait for an official (and legitimate) Facebook fix, users can remove contacts they’ve imported into the social media account to minimize further unauthorized access and information dissemination. Don’t worry about the threat of your friend recommendations becoming less relevant as a result of this deletion – most of us are already Facebook friends with the people that matter, anyway. If you’re not, then maybe take a quick look through your recommended friends list, do what needs to be done, and then get out. 

Jam Kotenko
When she's not busy watching movies and TV shows or traveling to new places, Jam is probably on Facebook. Or Twitter. Or…
Bluesky finally adds a feature many had been waiting for
A blue sky with clouds.

Bluesky has been making a lot of progress in recent months by simplifying the process to sign up while at the same time rolling out a steady stream of new features.

As part of those continuing efforts, the social media app has just announced that users can now send direct messages (DMs).

Read more
Reddit just achieved something for the first time in its 20-year history
The Reddit logo.

Reddit’s on a roll. The social media platform has just turned a profit for the first time in its 20-year history, and now boasts a record 97.2 million daily active users, marking a year-over-year increase of 47%. A few times during the quarter, the figure topped 100 million, which Reddit CEO and co-founder Steve Huffman said in a letter to shareholders had been a “long-standing milestone” for the site.

The company, which went public in March, announced the news in its third-quarter earnings results on Tuesday.

Read more
Worried about the TikTok ban? This is how it might look on your phone
TikTok splash screen on an Android phone.

The US Supreme Court has decided to uphold a law that would see TikTok banned in the country on January 19. Now, the platform has issued an official statement, confirming that it will indeed shut down unless it gets some emergency relief from the outgoing president.

“Unless the Biden Administration immediately provides a definitive statement to satisfy the most critical service providers assuring non-enforcement, unfortunately TikTok will be forced to go dark on January 19,” said the company soon after the court’s verdict.
So, what does going dark mean?
So, far, there is no official statement on what exactly TikTok means by “going dark.” There is a lot of speculation out there on how exactly the app or website will look once TikTok shutters in the US.

Read more