As Facebook continues to deal with the Cambridge Analytica debacle, the social network has announced some more revelations. It says 87 million, not 50 million, users may have had their data harvested by the electioneering firm. Separately, it added that virtually all the platform’s members are likely to have had their information scraped by malicious actors.
Chief technology officer Mike Schroepfer writes that Facebook’s 2.3 billion+ monthly users could have had their public data compromised via its search feature, which allowed anyone to find people by typing their phone number or email address into the search bar.
Cybercriminals trawling the dark web to obtain phone numbers and email addresses could use Facebook's search function to discover information about the people affiliated with them. While only public data was available, this often consists of profile pictures, hometowns, ages, dates of birth, places of work, etc.
"…malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way," wrote Schroepfer. The feature, which was enabled by default but could be turned off in the privacy settings, has now been removed.
"We built this feature, and it's very useful. There were a lot of people using it up until we shut it down today," said CEO Mark Zuckerberg, in a call with reporters.
Facebook also said it believed the number of people who may have had their data improperly shared with Cambridge Analytica was actually 87 million, not 50 million as previously reported. It added that 70 million of those affected were from the United States.
Cambridge Analytica disagrees with Facebook’s claim. Responding to the report, it writes that it licensed data for “no more than 30m people from GSR” and “did not receive more data than this.”