Facebook’s latest snafu, which led to some users having email addresses in their smartphone contact lists changed to @facebook.com, exemplifies the need to build a security wall around corporate apps and data on a mobile device, a security expert says.
The Facebook controversy started late last month, when the social network quietly changed the default emails for all users to [name]@facebook.com. The change meant that messages would be forwarded to Facebook profile in-boxes, instead of the user’s chosen email address.
The situation got worse this week when it was reported some users found that the switch led to email addresses in their contact lists being changed to @facebook.com. For this to occur, the users had to have Facebook contact-sync enabled on Android, BlackBerry or iOS 6 devices.
For businesses, the mess is a warning of what can happen if employees are allowed to access corporate email, data and apps without separating them from all other information and services on a smartphone. Sensitive corporate data could end up on Facebook or another Internet service.
“It is a very dangerous reality that I may intend to communicate something highly sensitive from my iPad or Android [device] and not even realize I am emailing you on your Hotmail or Facebook address instead of your corporate account,” Chester Wisniewski, senior security adviser for Sophos, said by email.
People whose contact lists were altered found that messages sent never made it to their recipients. This led to complaints from users and a statement from Facebook, which blamed the fiasco on a bug that it has since fixed.
“For people on certain devices, a bug meant that the device was pulling the last email address added to the account rather than the primary email address, resulting in @facebook.com addresses being pulled,” a Facebook representative told ABC News.