The social network’s blog post this afternoon blames the security breach on a “bug” in the process it uses to make friend recommendations. Facebook improperly stored some of the matchmaking info. “As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection,” the company says. About 6M Facebook users were affected. In addition, “other email addresses or telephone numbers [were] included in the downloads, but they were not connected to any Facebook users or even names of individuals.” The company is sending emails to notify the people whose info was mistakenly distributed, and has alerted regulators in the U.S., Canada, and Europe. Facebook adds that it has “no evidence that this bug has been exploited maliciously” and has not received any complaints. It also says that “the practical impact of this bug is likely to be minimal” because the info went to “people who already had some of that contact information anyway, or who had some connection to one another.” Still, the company says it’s “upset and embarrassed” and plans to “work doubly hard to make sure nothing like this happens again.”