Late on Friday night, after Europe was deep asleep and the East Coast had gone home for the weekend, Facebook revealed in a blog post that contact information for about six million users had been compromised. Since they strategically dropped the news when no one was around to see it, the blogosphere has been gradually catching up to the scandal, and the results are not encouraging.
Packet Storm Security, the firm that first exposed the issue to Facebook, has expressed concerns about the “frightening” dossiers of information Facebook is gathering on people. Facebook, for its part, responded by saying that users should already know their information is being collected.
“In Facebook’s explanation, it is obtaining data on individuals in a form of third party collection through voluntary user submission,” wrote ZDNet contributor Violet Blue, who pressed Facebook for a response on Sunday. “It is reasonable to conclude that the data is only involuntarily collected and saved for the people the data is matched to – in this case, the six million accounts that were affected.”
Facebook said it would be difficult for malicious parties to obtain personal contact information using this loophole, but the bug was live for a year.
If you aren’t sure what a ‘Shadow Profile’ is or if you would like more information on how they operate, Mashable posted an excellent, detailed article on this issue today.
This story is still developing, and there’s certain to be many more twists and turns as the full implications of the privacy gaffe are revealed.