Facebook and Zuckerberg admit it: if you are on Facebook you should assume that your data has been compromised
The company’s technical director and its own CEO, Mark Zuckerberg, have admitted that data from most of the more than 2 billion Facebook users have surely been compromised . They also raise the users potentially affected by the Cambridge Analytica scandal from 50 to 87 million and have admitted that they scan everything that happens through Messenger.
The origin of such a serious condition, which would reach practically all users of the social network according to its own responsibility, is found in the search function of Facebook that allows searching any user through two data: email or number of phone. It is not a vulnerability as such, but the proper functioning of Facebook .
In an article published in the press area of the corporate website, the Facbeook CTO, Mike Schroepfer, explains the magnitude of the vulnerability:
Malicious actors have also abused these features to ‘scrape’ public profile information by sending phone numbers or email addresses they already have through the search and recovery accounts. Given the scale and sophistication of the activity we have seen, we believe that most people on Facebook could have had their public profile ‘scraped’ in this way.
The functionality that allowed scraping , a technique for extracting information from web pages, is enabled by default allowing the names of users to appear in searches so that others can find them. Hence, consider that most users of the platform, more than 2,000 million worldwide, have probably been compromised the information of their public profile.
Access tools for anyone, as created by an “ethical hacker” we talked about in the past, allow us to examine all the public information of a Facebook profile that the network does not show.
Zuckerberg says that users must “assume” access to their information
In a call to the press cited by The Next Web , Mark Zuckerberg confirmed the data exposure ensuring that users should assume it:
I would assume that if you had that setting activated, at some point someone has access to your public information in some way.
The media explains that Zuckerberg said he felt responsible for Facebook’s mistakes although he hopes to learn from it and considers himself the best person to run the company. Schroepfer, meanwhile, says in his writing that the function that has allowed this exposure of information so important, and not unknown, has been deactivated . “We are also making changes in the recovery of accounts to reduce the risk of scraping, ” he added.