Facebook fixes bug that leaked users' phone numbers
by Lisa Vaas on March 1, 2013, Naked Security's newsletter
Facebook has fixed a bug that was leaking users' phone numbers to application developers. Reported in June 2012, the API (application programming interface) bug was affecting the email field in some mobile apps that accessed Facebook's API. The original report about the glitch was reproduced in a Facebook notice in which Facebook's Alvin Sng said it should now be resolved.

Facebook said that when retrieving a user's email address via graph API, app developers were receiving a 10-digit number once for every 1,000 users, more or less, instead of the properly formatted email address the documentation states that the field should return.

But as pointed out by IDG's Zach Miners, some app developers reported significantly higher incidences. One such developer - Nathan Cobb, research investigator with the American Legacy Foundation, an antismoking nonprofit - said the group's smoking cessation app, Ubiquitous, was returning phone numbers for about one in every 200 users, Miners reports.
Facebook hasn't reported whether or not it knows of developers who've used the numbers to call users to promote their services.

As it is, those concerned about privacy are already disturbed by the possibility of Facebook's new Graph Search being able to squeeze out data that users might have posted and then forgotten about, or how it could be used to cross-relate disparate pieces of data about people, with less than desirable results. Or, as Sophos's Graham Cluley put it in this headline: How to find single women who like men *and* like getting drunk, with Facebook Graph Search.

Graph Search doesn't reveal anything Facebook users haven't already shared, but it does make it a heck of a lot easier to piece together.

Facebook took nine months to fix the API glitch so that it's no longer handing over users' phone numbers on a silver platter. Stories like this make it easier to understand why some assume the company's priorities lie in digging personal data out, rather than ensuring it doesn't get handed over inadvertently.

Refer to: http://nakedsecurity.sophos.com/2013/03/01/facebook-fixes-bug-that-leaked-users-phone-numbers/