Facebook users run the range in their concern for privacy, some choosing to throw caution to the wind and saturate their profiles with offensive statuses or inappropriate pictures for all to see, others locking down their profiles so that they can’t even be found in a search. Neither group will be particularly pleased with the news the social media company revealed to the public on Sunday, however, since it appears that a flaw in Facebook’s security may have resulted in a massive exposure of users’ personal information.

According to a statement published on Sunday, the security oversight arises from Facebook’s process for generating user-specific friend suggestions (in other words, the “People You May Know” section that pops up in your profile’s sidebar). The bug, which evidently allowed some users’ contact information to be accessed by non-friends, arose from the program that Facebook uses to generate and present possible friend connections.

Recommendations on Facebook, whether they come in the form of the aforementioned “People You May Know” sidebar or as pages that might appeal to the user in question, utilize a good deal of personal information to assure that they are customized in the most effective manner possible. For friend recommendations, Facebook browses friend and contact lists (or address books) to find people with whom you share a significant number of mutual friends.

Evidently, the security flaw took the contact information derived from those searches–information usually kept private by most users–and made it public in a manner that represents a major breach in the company’s commitment to user privacy. For example, contact information may have been made freely available to all friends viewing your account (regardless of your privacy settings), or even to non-friends for whom your profile appears on the “People You May Know” tab.

By any measure, the bug is a disastrous cap to what has already been a tough few weeks for the social networking website. Privacy regulations have been on the lips of many recently, ever since a June 6 news leak revealed that the government was producing covert court orders and forcing internet-based companies to hand over user information. Facebook diffused that situation last Friday, making themselves the first implicated company to offer additional information about the governmental requests. But with Sunday’s bad news, the company may be building a PR nightmare for themselves.

Facebook estimated that six million users had been affected by the security oversight. And while the information revealed as a result of the bug is limited to phone numbers and email addresses, many privacy-minded individuals will likely see this occurrence as a sign that Facebook is getting careless with their personal information.