A security breach has been identified in the Facebook system.

The Facebook security team said today that they had found a security flaw in the Facebook system that leaked personal information such as user email addresses and phone numbers, with 6 million users already affected, according to TechCrunch, the US technology blog.

The Facebook security team wrote in a blog post: "When users upload their contact lists or address books to Facebook, we try to compare them with the contact information of other users on Facebook, and find out their connections and recommend them." ”

"As a result of this security vulnerability, some of the information that was used for friend referrals and reduced our number of invitations was accidentally saved as a contact person with a user's Facebook account." As a result, if users download their Facebook account information through our ' Download your Information ' (DYI) tool, they may see their contacts, or the email address or phone number of someone they have contacted. ”

A Facebook spokeswoman said the security breach began last year and was eventually discovered by Facebook technicians last week. Facebook also said the company's security team fixed the leak within 24 hours of discovery. Facebook says 6 million of users ' e-mail addresses or phone numbers are included in the download account data.

In addition, some non-Facebook users ' email addresses and phone numbers are also included in the download of information that invites contacts to join Facebook via a number of tools. A Facebook spokeswoman said the information was not tied to any Facebook account, so "it cannot be confirmed." Facebook said the security breach was not deliberately set up and that the company was contacting users affected by the incident.

"For most of the affected email addresses and phone numbers, each email address or phone number is only occasionally included in the download information," The Facebook security team said in post. In other words, in almost all cases, the email address or phone number will only be exposed to one person. In addition, other types of personal or financial information are not included in the download data, and only Facebook users can use the Dyi tool, and neither the developer nor the Advertiser can. ”