A bug that allowed private data to leak out went unnoticed for a year

Jun 22, 2013 13:21 GMT

Facebook has revealed that it inadvertently leaked the private user data of some six million people. It wasn't a massive breach, with each piece of data only ending up shared with one or two people.

The company also said that it had not received any complaints from users or any information that the leaked data was exploited in any way. "No harm, no foul," Facebook seems to be thinking.

And it's right; it's highly unlikely that anyone was actually harmed by the breach, though there are plenty of scenarios where this could have happened.

While revealing your contact info to one or two people who were already in your friends’ list may not mean too much to most people, it may mean a lot to someone trying to get away from an abusive boyfriend or trying to keep info hidden from a particular person.

This is exactly the type of info that got Google in trouble when it launched Buzz. The ensuing scandal contributed greatly to Buzz's demise, though, in all fairness, Buzz was never going to be popular.

Still, the actual damage in Facebook's case is likely low. But that's not to say Facebook should be getting away with it. It should not, for one very simple reason: trust.

When it asks for our contact info, Facebook pledges not to share that info with anyone. We give it access to our address book to find friends on the site knowing that our address book won't be shared with anyone and that Facebook will only be using an automated process to scan it.

The only reason people part with this info is that Facebook promises to keep it safe. And then, something like this happens. How are users supposed to trust Facebook with their info when the company shows such careless disregard for it?

No one at Facebook wanted the data getting out, obviously, but a bug like this went unnoticed for a year. It allowed private data, which should never have been kept anywhere near data that is supposed to be shared, to leak out.

A bug that an outside researcher had to notice before Facebook even realized it was happening. If something like this can and does happen, what guarantees do users have that it won't happen again? Or that their data is being properly looked after?

The truth is, they have none. And, while Facebook may have fixed this issue, others will happen in the future. And, while Facebook may say it's going to institute changes to ensure these things won't happen anymore, it doesn't really have any incentive to.

Because you don't actually care. People get all bothered on Twitter for five minutes when something like this happens and then they go right back to Facebook. The same is true with NSA spying and with advertisers tracking your movements on the web. People don't actually care, so why should companies, or the government?