Facebook 'upset and embarrassed' after bug exposed users' contact information

Facebook revealed Friday that the email addresses and phone numbers of roughly six million users were exposed to others on the social networking site.

In a blog post, Facebook said the security incident was caused by a bug in a feature used to make friend suggestions, which matches data when people upload their contact lists to the social network with other users' contact information. The bug inadvertently stored information used to make friend recommendations in people's archive of account information.

Because of this, users had access to email addresses and phone numbers of other people they may know when they downloaded an archive of their account data. 

Facebook said it disabled the feature as soon as it found out about the bug and fixed the problem by the next day. The social networking company reassured users that it has no evidence that the bug was exploited maliciously and it has not observed strange behavior in the feature.

"Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again," the company said in the blog post. "Your trust is the most important asset we have, and we are committed to improving our safety procedures and keeping your information safe and secure."

Facebook said "in almost all cases" the affected email addresses or phone numbers were exposed to only one person on the social network. The company said exposed information was only limited to email addresses or phone numbers, not financial information, and was not shared with developers or advertisers.

The social network has notified regulators in the United States, Canada and Europe about the bug and is notifying affected users by email.