Facebook released a statement on Friday informing users that it recently discovered a bug that shared user data with other users through the "Download Your Information" tool.
"The latest Facebook privacy breach was discovered last week," a company insider who declined to be indentified told TheWrap.
The bug has been active since last year, but the problem was fixed by Facebook as soon as it was made aware of it, the individual said.
Also read: Facebook Reaches Settlement with FTC on Privacy Violations
Six million user accounts were affected, though the statement made sure to point out that only email addresses and telephone numbers were shared, and only downloaded to one or two other users.
Facebook is notifying the accounts affected via email right now to tell them what information was shared and to how many other users. As you can imagine, it could take a while to send out six million emails.
Also read: Don't Cry for Facebook: Privacy Is a Choice, and What's the Alternative?
The news probably won't do great things for Facebook's stock (the announcement was made after NASDAQ closed for the day) but it was profitable for at least one person: a "bug bounty" of "at least $500" was paid to the security researcher who found the bug.