Researchers say Facebook security breach affected more users than the social network admits

When Facebook came clean about a recent security bug that caused the exposure of 6 million users’ personal information to their contacts, it softened the blow by saying that the effect of the bug was probably minimal, since the people who likely received their friends’ data could have already had access to the contact info in the first place. Facebook users were outraged nonetheless, and it turns out they had reason to be: According to Sophos, the Facebook info leak is actually much worse than we were told, and the researchers who initially discovered the existence of shadow profiles are saying that the numbers don’t match up.

Researchers at the company Packet Storm compared their prior test data that verified the leak to the amount of information Facebook claims it accidentally left out in the open, and found out the following:

In one case, they stated 1 additional email address was disclosed, though 4 pieces of data were actually disclosed. For another individual, they only told him about 3 out of 7 pieces of data disclosed. It would seem clear that they did not enumerate through the datasets to get an accurate total of the disclosure.

Facebook claimed that information went unreported because they could not confirm it belonged to a given user. Facebook used its own discretion when notifying users of what data was disclosed, but there was apparently no discretion used by the ‘bug’ when it compiled your data. It does not appear that they will take any extra steps at this point to explain the real magnitude of the exposure and we suspect the numbers are much higher.

According to the same report, Facebook was also effectively collecting non-user contact information, which was also exposed by the security bug. Facebook declined to comment when Packet Storm asked the company to produce a collective accounting of all the information affected by the mishap. When asked about the company’s efforts to inform non-Facebook users affected by the breach, Facebook simply said “[non-users] were not contacted and the information was not reported … if [Facebook] attempted to contact non-users, it would lead to more information disclosure.”

Facebook’s apology post owned up to the social network’s technical errors, but if this latest development is true, then it erases any applause the company earned for its apparent transparency.

Sophos suggests that while we all wait for an official (and legitimate) Facebook fix, users can remove contacts they’ve imported into the social media account to minimize further unauthorized access and information dissemination. Don’t worry about the threat of your friend recommendations becoming less relevant as a result of this deletion – most of us are already Facebook friends with the people that matter, anyway. If you’re not, then maybe take a quick look through your recommended friends list, do what needs to be done, and then get out. 

Jam Kotenko
Former Digital Trends Contributor
When she's not busy watching movies and TV shows or traveling to new places, Jam is probably on Facebook. Or Twitter. Or…