Given the lack of privacy, people need to separate their personal contact lists from their business address book. "I do not think that my employer's email contact book is mine to share," said Anton Chuvakin, a Gartner research director of risk management.
To avoid problems, many companies have policies for handling business contact lists, Chuvakin said.
In 2011, the Federal Trade Commission (FTC) announced a broad settlement with Facebook over its handling of user data. The agreement involved Facebook agreeing to honor people's privacy wishes, and to subject itself to regular audits for the next 20 years.
"Facebook is under a consent order with the FTC that requires the company to develop a comprehensive privacy program," said David Jacobs, a consumer protection fellow for the Electronic Privacy Information Center. "It will be interesting to see if this bug causes the FTC to take a closer look at the effectiveness of that program."
In the meantime, people have to assume when contact information is handed out, it will be shared.
"The value of contact information is based on sharing that data with others," Walls said. "This means the data will be held by multiple people using a wide variety of tools and platforms. Something will break somewhere."
Sign up for CIO Asia eNewsletters.