Facebook Reports Privacy Breach

Contact information for 6 million accounts exposed

How about this for rotten timing. Privacy is in the headlines and Facebook had to fess up to a privacy breach. Tonight, the social network reported that it discovered a programming bug that exposed 6 million users' email addresses and telephone numbers.

The culprit: Facebook's "download your information" tool which may have provided contact information from users' accounts.

Facebook came clean in a security note issued 4:50 p.m. PT. The company said it immediately disabled the DYI tool, notified regulators in the U.S., Canada and Europe, and was in the process of notifying affected users via email.

"We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing," Facebook said. "Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarassed by, and we'll work doubly hard to make sure nothing like this happens again."

This latest incident can't help Facebook's privacy reputation, which the company has been working to rebuild. Last year, Facebook settled with the Federal Trade Commission resolving charges that it revealed information about users without proper notice or consent. As part of the settlement, Facebook is subject to regular audits for the next 20 years.