Facebook engineers have fixed a privacy bug that disclosed e-mail addresses and phone numbers of about 6 million account holders to other users, company officials said Friday.

The inadvertent disclosure was included in archives generated when people used the Facebook Download Your Information tool. The service allows users to acquire the entire contents of their accounts. In some cases, the archives contained private e-mail addresses and phone numbers belonging to people the account holder had searched for on Facebook. In a blog post published Friday, company representatives wrote:

We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing. Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again. Your trust is the most important asset we have, and we are committed to improving our safety procedures and keeping your information safe and secure.

Company officials have already notified regulators in the US and Canada of the disclosure and are in the process of notifying affected users through e-mail.

The bug was reported through the Facebook bug bounty program, which pays researchers a minimum of $500 for privately reporting vulnerabilities that affect security or privacy on the site. The flaw stemmed from the way Facebook generates friend recommendations to users.