updated 09:20 pm EDT, Fri June 21, 2013
Leaked data was collected from friends' address books, not from users' own data
Facebook's "White Hat" hacker program has exposed a vulnerability in the social network's "Download Your Information" tool. According to the company's security blog, a flaw allowed users (but not developers or advertisers) to farm phone numbers and email addresses attached to friended users' Facebook accounts.
The bug has been exploitable since the end of 2012. Six million users' data was potentially exposed. Packet Storm Security researchers summarized the problem, noting that it did not matter what data users had entered about themselves: the leaked data was harvested from the users' friends. While the flaw was active, the information available (which was collected, and still resides, on Facebook servers) was sent to users who requested their own contact information on users they had friended on Facebook.
Facebook believes the impact of the security lapse will be minimal. Announcing the flaw, Facebook claims that "although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again."