Facebook promises to address complaints it was responsible for wiping email contacts in some users’ mobile phone address books, replacing them with @facebook.com listings.
The social network blamed the deletion of users’ contacts on a software bug.
The problem followed last week’s move to make Facebook’s own addresses visible by default on its website, hiding the ones originally listed.
Facebook said it was fixing the issue, promising it “will be resolved soon”.
The company was unable to confirm the scale of the bug, but reports by The Verge and CNN Money suggested users who had activated Facebook Contact Sync on Blackberry and Android phones, and devices running the beta versions of Apple’s iOS6 and Microsoft’s Windows Phone 8 had been affected.
Facebook promises to address complaints it was responsible for wiping email contacts
The social network linked the issue to the application programming interface (API) at the heart of a tool designed to ensure that when its members amended their contact details, the changes would be made to their Facebook friends’ smartphone address books.
The software was designed to copy over its users’ “primary email addresses” – the ones they used to log into the social network.
However, a statement acknowledged that “for people on certain devices, a bug meant that the device was pulling the last email address added to the account rather than the primary address, resulting in @facebook.com addresses being pulled”.
Since Facebook’s synchronization tool only synchronized email addresses that were visible on its site, and it had made third-party addresses invisible by default, pre-existing contacts were deleted as a result.
“The gravity of changing personal data on users’ phones is much greater than just changing them on a cloud-based service or a website,” said Anthony Mullen, senior analyst at the tech consultants Forrester.
“The lesson here is Facebook should have offered a simple wizard walking people through the change showing what impact it would have rather than just letting it happen automatically.
“However, despite talk of a backlash it doesn’t seem these problems have been grave enough to have motivated users to quit the network.”
The loose-knit Anonymous movement, who stole thousands of credit card numbers from U.S. security firm Stratfor, has now published the email addresses of more than 860,000 of its clients.
Hackers released the data – which included information on former U.S. Vice President Dan Quayle and former Secretary of State Henry Kissinger – online.
The lists of emails included scrambled details of their passwords – which experts said could be cracked within a matter of seconds by using software downloaded for free.
People working for big corporations, the U.S. military and major defense contractors were all contained on lists stolen from the intelligence company often dubbed the Shadow CIA.
The Antisec faction of Anonymous said last weekend it had hacked into the firm and promised that the release of the stolen data would cause “mayhem”.
A spokesperson for Anonymous said via Twitter that yet-to-be-published emails from the firm would show Stratfor, which gathers non-classified intelligence on international crises, “is not the <<harmless company>> it tries to paint itself as”.
Antisec has not disclosed when it will release those emails, but security analysts said they could contain information that could be embarrassing for the U.S. government.
The loose-knit Anonymous movement, who stole thousands of credit card numbers from U.S. security firm Stratfor, has now published the email addresses of more than 860,000 of its clients
Jeffrey Carr, chief executive of Taia Global Inc, said: “Those emails are going to be dynamite and may provide a lot of useful information to adversaries of the U.S. government.”
Stratfor issued a statement on Friday confirming that the published email addresses had been stolen from the company’s database.
The statement said it was helping law enforcement probe the matter and conducting its own investigation.
It said: “At Stratfor, we try to foster a culture of scrutiny and analysis, and we want to assure our customers and friends that we will apply the same rigorous standards in carrying out our internal review.”
John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, said: “There are thousands of email addresses here that could be used for very targeted spear phishing attacks that could compromise national security.”
The Pentagon said it saw no threat so far.
In a posting on the data-sharing website pastebin.com, Anonymous said the list included information from about 75,000 customers of Stratfor and about 860,000 people who had registered to use its site.
The hackers also said that the list included some 50,000 email addresses belonging to the U.S. government’s .gov and .mil domains.
The list also included addresses at contractors including BAE Systems Plc, Boeing Co, Lockheed Martin Corp and several U.S. government-funded labs that conduct classified research in Oak Ridge, Tennessee; Idaho Falls, Idaho; and Sandia and Los Alamos, New Mexico.
Corporations on the list included Bank of America, Exxon Mobil Corp, Goldman Sachs & Co and Thomson Reuters.
The entries included scrambled versions of passwords. Some of them can be unscrambled using databases known as rainbow tables that are available for download over the Internet, according to John Bumgarner.
He said he randomly picked six people on the list affiliated with U.S. military and intelligence agencies to see if he could crack their passwords.
John Bumgarner said he was able to break four of them, each in about a second, using one rainbow table.