Last Friday, Facebook posted a report about a bug that revealed private contact information about its members and tried to play it off as a minor problem. Of course, what that minor problem happened to reveal is that Facebook is using your friends to get information about you that you didn’t want to give to Facebook in the first place.
It has to do with how Facebook finds your “friends.” As we all know, when you install a Facebook app and boot it, the first thing it asks you to do is find “friends” on the network using contact information stored on your phone. So, if you did that, when you go to use the Download Your Information tool…
…if a person went to download an archive of their Facebook account… they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool.
In other words, if a friend of yours on Facebook has your phone number, even if you explicitly did not provide that information to Facebook, Facebook has collected it and attached it to your profile anyway. The bug revealed email addresses and phone numbers, with users claiming in the comments to have credit card numbers revealed as well, but Facebook hasn’t yet revealed just how far down this rabbit hole goes. After all, nothing’s stopping Facebook from buying other marketing databases and adding that information to their private version of your profile, and then selling that profile again.
This is a problem not least because, as anybody who has ever had a stalker can tell you, having your information available to people with “some connection” is not a fun experience. But it also raises the question of what Facebook knows about you, and what might happen if there’s a real breach.