Facebook CEO Mark Zuckerberg has warned of huge privacy violations that potentially impact nearly every single user of the site.
On Wednesday, Zuckerberg said it is “reasonable to expect” that potentially every Facebook user has had their information scraped from the social network.
In a conference call to journalists, Zuckerberg said that its account recovery and search tools could be exploited so that contact details and other information could be collected from public profiles by third parties.
“We’ve seen some scraping,” CEO Mark Zuckerberg said on the call with reporters.
“I would assume if you had that setting turned on that someone at some point has access to your public information in some way,” he said.
“It is reasonable to expect… someone has accessed your information in this way,” he added.
Data scraping is the process of collecting data from the web and normally carried out automatically using computer scripts.
The setting Zuckerberg refers to is the one where users let other users search for them by phone number or email address rather than by name.
Meanwhile, the company’s chief technology officer Mike Schroepfer said in a post that malicious third parties had “abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery”.
Schroepfer’s post said:
“Until today, people could enter another person’s phone number or email address into Facebook search to help find them. This has been especially useful for finding your friends in languages which take more effort to type out a full name, or where many people have the same name. In Bangladesh, for example, this feature makes up 7% of all searches. However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.”
Facebook is in the midst of a widening privacy scandal after is was revealed this week that the private data of 87 million users may have been improperly shared with political consultancy firm Cambridge Analytica, almost 40 million more than first estimated.
From next Monday (April 9), Facebook will give users a link, which will appear at the top of their New Feed so they can easily check what apps have access to their Facebook data.