June 22, 2013
Yesterday, Facebook announced the accidental release of 6 million users’ personal information. The source of the leak was their Backup Tool, which lets users download their list of friends complete with any information they’d chosen to share. So what happened? A bug in the tool released the phone numbers and email addresses of friends that they not only hadn’t chosen to share, but that they hadn’t even given to Facebook.
Because of the nature of the leak and recent NSA activity, both Facebook’s apology and the Internet’s reaction have focused on the data leak itself. It’s a valid concern, but 6 million is a drop in the bucket for Facebook, and any data that did get leaked was only released to a Facebook friend or two. For a company with the mantra “Move fast and break things” it’s hardly unexpected.
So, “No harm, no foul,” right? Not quite. Things start to get murky when you ignore the leak and focus on how this was even possible. For one, the phone numbers and email addresses that Facebook leaked weren’t submitted by the users themselves. This means Facebook has your phone number, even if you’ve never given it out. How? By analyzing and storing your number when your friends give Facebook their address books and contact lists. The same goes for your email address, which Facebook most likely grabbed from a friend’s email contacts.
While it’s common knowledge that Facebook loves collecting our information, it’s always been information that we’ve willingly provided. Our favorite movies, photos, and hangout spots are all included on our profiles for our friends to see and Facebook to leverage towards better ads. This bug has exposed that this isn’t entirely the case: Facebook knows more about you than you want them to.