- A Facebook feature allowed people on the internet to look up Facebook users by their phone number or email address, and “scrape” data off of their public profile.
- The feature was turned off on Wednesday, Facebook said.
- Facebook users should assume their data has been scraped, Mark Zuckerberg said on a conference call with reporters.
It turns out most Facebook users may have already had their data accessed by outsiders.
This morning, Facebook admitted that as many as 87 million people might have been affected — up from the 50 million disclosed by some media outlets — as part of the ongoing Cambridge Analytica scandal that led to user data being mishandled by a third-party app and passed on to the political consultancy company.
That’s a pretty big jump and you can expect to hear some more calls for users to #deletefacebook. But that’s not all.
In a lengthy statement that detailed their plans to restrict data access, the company also revealed that it believes most of its 2.2 billion users “could have had their public profile scraped” by third parties without their knowledge.
Here’s what we know:
Cambridge Analytica data haul was much bigger than first thought
Most of those affected are in the United States, but more than 300,000 Australians may have also been caught up in the scandal.
It’s pretty much summed up in this graph:
In the graph above, the company disclosed they “do not know precisely what data the app shared with Cambridge Analytica or exactly how many people were impacted”.
Facebook chief executive officer Mark Zuckerberg said they calculated the 87 million figure by constructing “the maximum possible number of friends lists that everyone could have had over the time, and assumed that [Cambridge University scholar Aleksandr] Kogan queried each person at the time when they had the maximum number of connections that would’ve been available to them”.
“That’s where we came up with this 87 million number. We wanted to take a broad view that is a conservative estimate,” he said.
“I am quite confident that given our analysis that it is not more than 87. It very well could be less, but we wanted to put out the maximum we felt that it could be as that analysis says.”
Facebook said it would tell people if their information may have been improperly shared with the consultancy company.
That will be of interest to the Australian Privacy Commissioner, who was already investigating whether any Australians had been caught up in the international scandal.
Your phone numbers, emails might have been used to access your profile info
You know how you can search another person’s phone number or email address in Facebook to find them?
It’s pretty useful for helping find your friends in languages which take more effort to type out a full name, or where many people have the same name.
Facebook users can choose not to be searchable in this way, but the scale of the activity was apparently so bad that Facebook admitted most users could have had their public profile information extracted by “malicious actors”.
“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way,” it said.
Mr Zuckerberg explained in a call with reporters why users could be caught up in this.
“It’s reasonable to expect if you had that setting turned on that at some point in the last several years, someone has accessed your public information,” he said.
There are more changes on the way
Facebook’s latest update confirms that they are looking at restricting data access — mostly to outsiders and third parties.
That’s on top of their plans to rearrange their privacy settings.
Some of the changes include:
- Apps will no longer be allowed to ask for access to all your person information — such as religious or political views, relationship status and details, custom friends lists, education and work history, etc
- From next Monday Facebook will show users a link at the top of their News Feed so they can see what apps they use — and the information they have shared with those apps
- Users will have a chance to delete apps they no longer want
- Facebook will delete your call and text logs older than one year. It will also be limiting the information it collects — including your call times
- It’s also restricting access that apps can get about users’ events, as well as information about groups such as member lists, content and personal information attached to posts
- All future access to apps reading posts or comments from any page will need to be approved by Facebook
And it might take years to fix Facebook’s issues
Mr Zuckerberg said fixing the company’s problems will take years.
He said he thinks that by the end of this year the company will have “turned a corner” on a lot of the issues.
Mr Zuckerberg also admitted he made a “huge mistake” in failing to take a broad enough view of what Facebook’s responsibility is in the world and said he’s made fixing the company his personal challenge for 2018.
He is due to face a US House committee on Facebook’s data issues on April 11 — his first testimony before Congress.