Facebook Admits Most Of Its 2B Users Had Their Public Profiles Scraped Without Permission

Another data issue for Facebook: The company announced that “malicious actors” were able to use search tools to discover the identities and collect information on most of its 2 billion users worldwide.

The news came on the same day that the social media site admitted that the number of users whose data was improperly shared with Cambridge Analytica could be much higher than the originally estimated 50 million. In fact, Facebook now says that up to 87 million users may have had their data shared with the research firm.

According to The Washington Post, the abuse of Facebook’s search tools, which are now disabled, happened on a broader scale and over several years. Even worse: few Facebook users were probably able to avoid the scam, company officials stated.

The company explained that malicious hackers harvested email addresses and phone numbers on the “Dark Web,” where criminals post stolen information. This type of personal information is a key part of identity theft and other malicious online activity.

In Facebook’s case, hackers used automated computer programs to feed the information into Facebook’s “search” box, allowing them to find the full names of the people associated with those phone numbers or email addresses, along with any Facebook profile information those people had made public.

“We built this feature, and it’s very useful. There were a lot of people using it up until we shut it down today,” Chief Executive Mark Zuckerberg said in a call with reporters.

While Facebook users could have blocked the search function, research shows that online users rarely change default privacy settings. They also often do not understand exactly what information they are sharing.

“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped,” the company stated.

Hackers also took advantage of Facebook’s account recovery function, pretending to be legitimate users who had forgotten account details. As a result, the system served up names, profile pictures and links to the public profiles. This is a tool that can also be blocked in privacy settings.

Facebook didn’t disclose who the malicious actors are, how the data might have been used, or exactly how many people were affected.

