Facebook 'Shadow Profiles' Bug Threatens 6 Million Users: Company Policy Refuses Users Control Over Distribution Of Personal Information

Social media giant Facebook recently disclosed a bug fix that was detected by Packet Storm Security which unintentionally compiled shadow profiles and dossiers on its users and beyond.

"The issue itself was not built with malice in mind it was simply an oversight," said the Facebook researchers.

"The significance of what it unearthed is the real problem that still remains."

According to ZDNet, Facebook had been combining users' shadow profiles with their Facebook profiles and sharing it with the users' friends who had the Download Your Information (DIY) tool.

"When you open the downloaded archive, there is a file inside called addressbook.html. This file is supposed to house the contact information you uploaded. However, due to a flaw in how Facebook implemented this, it also housed contact information from other uploads other users have performed for the same person, provided you had one piece of matching data, effectively building large dossiers on people.

"In our testing, we found that uploading one public email address for an individual could reap a dozen additional pieces of contact information.

"It should also be noted that the collection of this information goes for all of the data uploaded, regardless of whether or not your contacts are Facebook users."

Since the debacle, Facebook has affirmed that users' anger towards the shadow profiles is superfluous, as users should already be familiar with the company's policy about contact collection.

Essentially, the information users input into Facebook can be used in any way Facebook sees fit.

"What we need are governments to enact legislation that forces the hand, but given recent news items in the United States, it is clear that not all governments are making this a top priority," stated Packet Storm.

Currently, there is no protection against shadow profiles.