ZD Net reports:
Friday Facebook announced the fix of a bug it said inadvertently exposed the private information of over six million users when Facebook’s previously unknown shadow profiles accidentally merged with user accounts in data history record requests.
According to Reuters, the data leak spanned a year beginning in 2012.
The personal information leaked by the bug is information that had not been given to Facebook by the users – it is data Facebook has been compiling on its users behind closed doors, without their consent.
A growing number of Facebook users are furious and demand to know who saw private information they had expressly not given to Facebook.
Facebook was accidentally combining users’ shadow profiles with their Facebook profiles and spitting the merged information out in one big clump to people they ‘had some connection to’ who downloaded an archive of their account with Facebook’s Download Your Information (DYI) tool.
According to the admissions in its blog, posted late Friday afternoon, Facebook appears to be obtaining users’ offsite email addresses and phone numbers and attempting to match them to other accounts. It appears that the invisible collected information is then being stored in each user’s ‘shadow profile’ that is somehow attached to accounts.
Users were clearly unaware that offsite data about them was being collected, matched to them, and stored by Facebook.
Just in case you forgot, Facebook was named as a participant in the PRISM data collection scheme, run by the NSA, which means the NSA has access to all of that shadow data as well. Also, Facebook’s former security chief now works for the NSA. It wouldn’t surprise me at all to learn that shadow data was collected explicitly for the NSA’s use.
I’m considering dumping my Facebook profile and my Gmail account, given that they are so intimately tied into the NSA. I suppose it doesn’t do much good now though. They already know who all of my friends are. They already have all of my email history stored on NSA servers. They have all of my call history stored. They have all of my banking history stored. And I assume they have all of this blog and my numerous other postings stored. At this point, stopping the use of Facebook and Google would really be nothing more than a symbolic measure.
It really is annoying. I can symbolically protest their actions by ceasing to use their services, and in so doing, inconvenience myself and my friends greatly by forcing them to contact me through more secure channels, or I can simply bitch about it. Tough call.