| Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
- Facebook Inc experienced a software failure incident where they inadvertently exposed 6 million users' phone numbers and email addresses due to a technical glitch in their system [19607].
(b) The software failure incident having happened again at multiple_organization:
- The article mentions that several consumer Internet companies, including Facebook, Google, Microsoft, Apple, and Yahoo, were involved in turning over user data to a large-scale electronic surveillance program run by U.S. intelligence [19607]. This indicates a broader issue of data privacy and potential software failures across multiple organizations. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase was due to a technical glitch in Facebook's massive archive of contact information collected from its users. This glitch led to the exposure of 6 million users' phone numbers and email addresses to unauthorized viewers. The incident began in 2012 and was caused by a bug that allowed Facebook users who downloaded contact data for their list of friends to obtain additional information they were not supposed to have [19607].
(b) The software failure incident related to the operation phase was highlighted by the delay in publicly acknowledging the bug by Facebook. The company's procedure stipulated that regulators and affected users be notified before making a public announcement, leading to a delay in addressing the issue promptly. Despite fixing the bug within 24 hours of being alerted, Facebook did not publicly acknowledge the issue until later, which could be seen as a failure in the operational response to the incident [19607]. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident of Facebook inadvertently exposing 6 million users' phone numbers and email addresses was attributed to a technical glitch within Facebook's system. The data leaks were caused by a glitch in Facebook's massive archive of contact information collected from its users [19607]. The security team at Facebook was alerted to the bug and fixed it within 24 hours, indicating that the failure originated from within the system itself. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurred due to non-human_actions:
- The software failure incident on Facebook was attributed to a technical glitch in its massive archive of contact information collected from its users [19607].
- Facebook blamed the data leaks on a technical glitch that exposed 6 million users' phone numbers and email addresses to unauthorized viewers [19607].
(b) The software failure incident occurred due to human_actions:
- Facebook's security team was alerted to the bug and fixed it within 24 hours [19607].
- Facebook did not publicly acknowledge the bug until later, following company procedure that regulators and affected users be notified before making a public announcement [19607]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident in the article was not attributed to hardware issues but rather to a technical glitch in Facebook's archive of contact information, which resulted in the exposure of 6 million users' phone numbers and email addresses [19607]. This glitch was a contributing factor originating in the software system rather than hardware. |
| Objective (Malicious/Non-malicious) |
non-malicious |
(a) The software failure incident in this case was non-malicious. Facebook disclosed that the exposure of 6 million users' phone numbers and email addresses was due to a technical glitch in its archive of contact information collected from users. The company stated that there was no evidence of malicious exploitation of the bug and that they had not received complaints or observed anomalous behavior suggesting wrongdoing [Article 19607]. |
| Intent (Poor/Accidental Decisions) |
accidental_decisions |
(a) The software failure incident related to the exposure of 6 million users' phone numbers and email addresses on Facebook was primarily due to poor_decisions. Facebook inadvertently exposed the data due to a technical glitch in its archive of contact information collected from users. The company acknowledged the breach was a result of a bug and took responsibility for the incident. The delay in publicly acknowledging the bug was attributed to company procedure requiring notification of regulators and affected users before making a public announcement [19607]. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident related to development incompetence is evident in the Facebook data leak incident. The exposure of 6 million users' phone numbers and email addresses was attributed to a technical glitch in Facebook's archive of contact information collected from its users. This glitch allowed users who downloaded contact data for their friends to obtain additional information they were not supposed to have. The incident showcases a failure due to contributing factors introduced by a lack of professional competence in managing user data securely [19607].
(b) The accidental nature of the software failure incident is highlighted by Facebook's response to the bug. The company's security team was alerted to the glitch and fixed it within 24 hours. However, Facebook did not publicly acknowledge the bug until later, as part of company procedure to notify regulators and affected users before making a public announcement. The delay in acknowledging the bug was not intentional but rather a result of following internal protocols, indicating an accidental aspect to the handling of the incident [19607]. |
| Duration |
temporary |
(a) The software failure incident in the Facebook data leak case was temporary. It was caused by a technical glitch in Facebook's archive of contact information, which led to the exposure of 6 million users' phone numbers and email addresses. The glitch occurred over the past year and was discovered by Facebook's security team, who fixed it within 24 hours of being alerted. The incident was not permanent as it was a specific issue related to the glitch in the contact data archive, and Facebook took immediate action to rectify the problem [19607]. |
| Behaviour |
omission, value |
(a) crash: The software failure incident in the article does not involve a crash where the system loses state and does not perform any of its intended functions. [19607]
(b) omission: The software failure incident can be categorized under omission as the system omitted to perform its intended functions by exposing 6 million users' phone numbers and email addresses to unauthorized viewers due to a technical glitch in Facebook's archive of contact information. This omission led to users obtaining additional information they were not supposed to have. [19607]
(c) timing: The software failure incident is not related to timing issues where the system performs its intended functions correctly but too late or too early. [19607]
(d) value: The software failure incident falls under the value category as the system performed its intended functions incorrectly by exposing users' contact information to unauthorized viewers due to a technical glitch. [19607]
(e) byzantine: The software failure incident does not exhibit byzantine behavior where the system behaves erroneously with inconsistent responses and interactions. [19607]
(f) other: The software failure incident does not fall under any other specific behavior category mentioned. |