Facebook revealed on Friday that a bug in its system caused 6 million users phone numbers and email addresses to be exposed.
Facebook says this bug meant that the site collated information about users to create master records including phone numbers and email addresses that the owners had never intended to share.
Facebook said it has fixed the problem and is in the process of notifying affected users via email. Although describing the bug as "pretty technical”, they wanted to emphasise “the practical impact of this bug is likely to be minimal”.
Facebook explained that anyone attempting to download archive profile information using the Download Your Information (DYI) tool may have been provided with the email or telephone numbers of people who they shared connections with on the site. The email addresses and telephone numbers of an estimated six million people affected were given out to other users “once or twice”.
They added that they had received no information to suggest the bug was malicious or that any complaints had been made from users who had noticed “anomalous behaviour” or “wrongdoing”.
What to do if you receive one of these emails?
If you receive an email from Facebook about your security being compromised it is likely to be legitimate, as some users in the UK will have been affected.
However it is important to remember that fraudsters will use legitimate events like these to scam people via email. If you receive one and are unsure log into Facebook directly to access your account and follow our advice:
- Do not click on any links in the scam email.
- Do not reply to the email or contact the senders in any way.
- If you have clicked on a link in the email, do not supply any information on the website that may open.
- Do not open any attachments that arrive with the email.
- Report any scam emails to us.
For further information see the Facebook security post.
Please note that Action Fraud is not responsible for the content of external websites.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.