An "embarrassed" Facebook has disclosed that a technical bug compromised personal details such as phone numbers and email addresses of six million users worldwide.
This has made the clamour for data security norms grow louder so that users in countries like India, which does not have privacy legislation, get a shield.
A Facebook spokesperson declined to share country-specific numbers. Users in India, which has 78 million Facebook users, were also affected.
Facebook made the announcement on Saturday morning. In a blog post, it said the breach could have occurred when a user downloaded an archive of his or her account through the Download-Your-Information tool. "They may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection," said the note. The company said it took "people's privacy seriously" and had "no evidence that this bug has been exploited maliciously."
"Even with a strong team, no company can ensure 100 per cent prevention of bugs, and in rare cases we don't discover a problem until it has already affected a person's account.... Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again," the company said.
Users whose accounts were affected have also got an email from Facebook informing them of the issue.
This incident, preceded by several such large-scale data breaches involving companies such as LinkedIn and Amazon in the recent past, has prompted experts to call for basic data security standards that should be followed by all internet companies globally.
"There have to be broad guidelines which draw a legitimate red line on what is an acceptable practice in terms of data collection and what security measures they need to put in place," said Parminder Jeet Singh, executive director of technology advocacy and research firm, IT for Change. Laws of one country might not be applicable on technology firms that have servers elsewhere. There has to be "some kind of a global consensus on data security policies," said Singh..
RECENT DATA BREACHES
LinkedIn In June last year, the site was hacked and passwords of around 6.5 million users were stolen by cybercriminals. The passwords, which were encrypted, were decrypted and posted online. LinkedIn apologised but had to battle a lawsuit
Amazon In January last year, the online retailers' sister concern was a victim of an attack that stole phone numbers, email ids and billing addresses of 24 million customers . The company said credit card details were safe. But it had to face a class-action suit
Dominos In India, the website of the popular pizza delivery chain was hacked allegedly by a group of Turkish hackers. Information, including names, phone numbers, email addresses and passwords of about 37,000 users, was stolen. It was the second such hacking faced by the company in the last few years.