Ah, Friday. Remember Friday? It seems like a million years ago, especially after a long summer weekend.
If you were paying close attention at 7:50 p.m. Eastern time Friday (4:50 p.m. Pacific time), you may have seen Facebook announce in a blog post that it had fixed a bug that had been exposing the personal contact information of more than six million users.
The post begins:
At Facebook, we take people's privacy seriously, and we strive to protect people's information to the very best of our ability. We implement many safeguards, hire the brightest engineers and train them to ensure we have only high-quality code behind the scenes of your Facebook experiences. We even have teams that focus exclusively on preventing and fixing privacy-related technical issues before they affect you.
Yada, etc. -- you get the idea. It goes on to say that thanks to its White Hat program, a bounty system for non-Facebook security experts who tell Facebook about its security flaws,
We recently received a report... regarding a bug that may have allowed some of a person's contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them.
After explaining the nature of the bug, Facebook said that, "We've concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared."
Uh, shared? Shared is a funny word to use here.
Others used stronger language. Tech site ZDNet, for instance, ran a post by Violet Blue titled "Anger mounts after Facebook's 'shadow profiles' leak in bug." Her summary: "Facebook said Friday it fixed a bug that exposed contact info for over six million accounts. The admission revealed its 'shadow profile' data collection activities, and users are furious."
She further explains that,
Facebook appears to be obtaining users' offsite email address and phone numbers and attempting to match them to other accounts. It appears that the invisible collected information is then being stored in each user's 'shadow profile' that is somehow attached to accounts.
As computer security expert Graham Cluley wrote on his personal blog in a post titled "Facebook owns up to serious privacy breach. Tells the world late on a Friday night (again),"
Pardon me for being cynical, but it seems somewhat convenient that Facebook releases the news on Friday afternoon Pacific Time.... If I was in charge of Facebook's crisis communications team, I might also counsel that the best way to minimise fall-out from the announcement you don't really want to make is to release it at precisely the same time -- when America's East coast reporters have left the office for the weekend, and Europe is already asleep.
Well, guess what? It's Monday morning -- the start of a glorious new week and a fresh news cycle! What better time, I figure, to post this post?
Simon Dumenco is the "Media Guy" media columnist for Advertising Age. Follow him on Twitter @simondumenco.