Our Facebook privacy nightmare somehow keeps getting worse.
The vast majority of Facebook users have likely had their public profile data scraped by third-parties, CEO Mark Zuckerberg revealed Wednesday.
The seemingly massive privacy loophole was the result of a feature that allowed people to search for friends using their phone number. The setting, which has now been removed, was enabled by default in order to make it easier for users’ to find friends.
But on Wednesday, Facebook’s chief technology officer Mike Schroepfer revealed that bad actors have been abusing the feature for years in order to gain access to public profile data. “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way,” he wrote.
Zuckerberg on this: “We understood this more over the last few days, everyone has a setting whether people can look you up by your phone number… It’s reasonable to expect that if you had that setting turned on then someone accessed your public information in that way”
— Karissa Bell (@karissabe) April 4, 2018
Later, during a call with reporters, Zuckerberg confirmed that a large percentage of Facebook users have likely had their data scraped since the setting was enabled by default.
“It’s reasonable to expect that if you had that setting turned on, then someone accessed your public information in that way”
“It’s reasonable to expect that if you had that setting turned on, then someone accessed your public information in that way,” he said.
While third-parties were only able to gain access to public profile data — that is, information users had opted to share publicly — it’s another troubling sign for the company, which is grappling with a mounting privacy scandal. Worse still, these exploits apparently went undetected until very recently.
When asked why Facebook didn’t remove the feature earlier, Zuckerberg said that the company didn’t understand the extent to which it’d been abused until its recent audits.
The revelation came amid a number of other changes Facebook has made to its platform, following criticism over how its handled users’ private data. The company also announced changes to Facebook Login and much stricter controls over what types of data third-party developers can access.
Still, Zuckerberg noted that Facebook users are ultimately in charge of what data they hand over to Facebook. “”The vast majority of the data Facebook knows about you is because you chose to share it.”