Facebook said Wednesday that it believes most of its users who had a specific search function enabled have had their profile data scraped by third parties.
“We’ve seen some scraping,” CEO Mark Zuckerberg said on a call with reporters. “I would assume if you had that setting turned on that someone at some point has access to your public information in some way,” he said.
The setting Zuckerberg referred to is one where users let other users search for them by e-mail address or phone number instead of by name.
The company said earlier in a post from Facebook’s chief technology officer, Mike Schroepfer, that most Facebook users “could have” had their public profile scraped.
In a section discussing search and account discovery features, Schroepfer said this:
“Until today, people could enter another person’s phone number or email address into Facebook search to help find them. This has been especially useful for finding your friends in languages which take more effort to type out a full name, or where many people have the same name. In Bangladesh, for example, this feature makes up 7% of all searches. However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.”
In the call with media Wednesday, Zuckerberg clarified further. “It is reasonable to expect… someone has accessed your information in this way,” he said.
This news is in addition to Facebook’s claims that political analytics firm Cambridge Analytica gained access to data from as many as 87 million Facebook users. Media reports had previously placed the number at more than 50 million.