Palo Alto, San Francisco,
On Wednesday, Facebook said that “We believe most of our users who had a specific search function enabled have had their profile data scraped by third parties.”
CEO Mark Zuckerberg said “We’ve seen some scraping, I would assume if you had that setting turned on that someone at some point has access to your public information in some way,”
The setting Zuckerberg referred to is one where users let other users search for them by e-mail address or phone number instead of by name.
Facebook’s chief technology officer, Mike Schroepfer said this:
“Until today, people could enter another person’s phone number or email address into Facebook search to help find them. This has been especially useful for finding your friends in languages which take more effort to type out a full name, or where many people have the same name. In Bangladesh, for example, this feature makes up 7% of all searches. However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.”
In the call with media Wednesday, Zuckerberg clarified further. “It is reasonable to expect… someone has accessed your information in this way,”
This news is in addition to Facebook’s claims that political analytics firm Cambridge Analytica gained access to data from as many as 87 million Facebook users, while Media reports estimated around 50 million only.