First it was 55 million. Then 77 million. Now, it’s 2.2 billion, or pretty much every user on Facebook. That’s how many people should assume that their public profile information has been scraped.
The conversation began when it came to light that Cambridge Analytica (a political research firm) had misused Facebook’s search function to scrap profile data for tens of millions of Facebook’s users to help the Trump campaign win the recent presidential election.
As research into the matter has continued. However, it has become clear that Cambridge Analytica wasn’t the only group misusing the search feature, and that before Facebook disabled it, more than two billion of Facebook’s users had seen their public profile information scraped.
Essentially, Facebook was used to paint a more complete picture of users to build a profile which could be sold on the Dark Web.
Starting with stolen phone numbers or addresses, hackers developed automated routines that fed this information into Facebook’s search function, enabling them to link these bits of information with the names and locations of specific people. Having a more complete profile in hand made the data that much more valuable on the Dark Web, where it is currently being resold.
At 2.2 billion impacted users, it’s certain that this will be the year’s largest data breach. In fact, this one is likely to hold the world record for quite some time.
Facebook’s CEO, Mark Zuckerberg issued an apology to the company’s massive user base.
Mike Schroepfer, the company’s Chief Technology Officer, had this to say:
“Until today, people could enter another person’s phone number or email address into Facebook search to help find them. This has been especially useful for finding your friends in languages which take more effort to type out a full name, or where many people have the same name. However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery…we believe most people on Facebook could have had their public profile scraped in this way.”