Fury after Facebook messes up smartphone users’ address books

Angry phone owner. Image from ShutterstockRemember how Facebook sneakily changed your default email address to @facebook.com?

Well, it seems that the repercussions of that decision by the social network has caused even bigger problems.

Some smartphone users, particularly those using older Android devices, are reporting that their on-phone address books have been silently updated to make @facebook.com email addresses the default way to send a message to their contacts.

See this post, for example, from one affected user on Hacker News:

Sign up to our free newsletter.
Security news, advice, and tips.

"This morning my mother was complaining that many of the email addresses in her Droid Razr contacts had been replaced with Facebook ones. It would seem the Facebook app had been populating her address book with emails and contact photos, and decided to migrate all her Facebook-using contacts over to this convenient new system. That seems like a much greater controversy to me than Facebook hiding people's email addresses."

Android user's address book updated with @facebook.com addresses

In addition, there are reports from beta testers of iOS 6 that a similar problem is occurring on their iPhones. This is presumably because one of iOS 6’s features is greater synchronisation for the iPhone/iPad with Facebook.

Facebook contact sync on iOS 6

Here’s a simple of example of how this could go very wrong.

Imagine you’re Facebook friends with Helen, and your smartphone’s address book automatically syncs up with Facebook to ensure that you have the correct email address for her.

Facebook changed Helen’s default email address on the site (without telling her) to an @facebook.com address.

Your phone then automatically synced its contacts with the email address that Helen’s Facebook account was now displaying.

You email Helen, imagining it will go to the email account that she normally uses. Instead, it wings its way to her @facebook.com account.

Helen misses your email.

In short, Facebook’s changing of users’ email address to @facebook.com is one monumental screw-up.

I believe the site was trying to get more people to adopt @facebook.com email addresses for their regular communications, to make their dependence on Facebook even greater.

But they’ve ended up with more disgruntled users, who will be wary of the next time Facebook changes things without proper notification and without thinking of the repercussions.

If you don’t want your @facebook.com email address to be displayed on your profile (and don’t want it to be synced to friends’ smartphones), you should change your settings.

  • Click on the “About” tab on your profile
  • Go to the section marked “Contact info” and choose “Edit”

Facebook contact info

  • Adjust the settings to choose which – if any – of your email addresses (including the new @facebook.com email address that you have been given) you would like to appear on your timeline, and who has the rights to see it.
  • Press “Save”.

(You may also wish to adjust your phone’s (or Facebook app’s) settings to ensure that it is no longer synching your contacts. LifeHacker has published details on how to do that.)

This doesn’t, of course, mean that people can no longer email you at your @facebook.com address. According to Facebook, by default anybody on the site can send you a message, and anyone on the internet can email you at your new “[email protected]” address.

If you don’t like such a wide variety of people being able to send you messages, you will need to make further changes to your account’s settings.

  • Click the account menu at the top right of any Facebook page and choose “Privacy Settings”.
  • Next to the “How You Connect” heading, click “Edit Settings”.
  • Select your preference from the dropdown menu next to “Who can send you Facebook messages?”. Remember that “Everyone” doesn’t just mean everyone on Facebook, it means everyone on the entire internet

If you want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.

Update: Facebook has told Gizmodo that it plans to roll out a fix for the problem. However, I would still strongly recommend checking that you are happy with what email addresses (if any) you are showing on your Facebook profile, and whether you want to sync your smartphone’s address book with the site.

Man yelling at his cellphone image, courtesy of Shutterstock.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.