On Friday, Facebook admitted that a bug made the private contact information -- either email addresses or phone numbers -- of 6 million users accidentally accessible to Facebookers who downloaded their account histories onto their own computers. Compared with Facebook's more than 1 billion total members, 6 million isn't much. But any security flaw has the potential to frighten people away from a website.
A bug allowed "some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them," Facebook wrote in a note on its security page. Through the network's "Download Your Information" tool, some Facebook members were inadvertently sent otherwise private phone numbers or email addresses of their Facebook friends. Facebook assured users that the bug was fixed within a day, and that there is no evidence that the information was used maliciously.
The bug was found not by Facebook's team, but by someone going through Facebook's "white hat" hacker program, which offers a bounty for anyone who can find bugs on the site, paying a minimum reward of $500 per bug. The bounty is awarded "based on [the bug's] severity and creativity," according to Facebook's White Hat page. In April, HuffPost profiled one of Facebook's most prolific bug finders, Nir Goldshlager.