On Wednesday, Facebook said that “malicious actors” had taken advantage of search tools on its platform, allowing them to discover the identities of most of its 2 billion users, and collect information about them. The abuse of Facebook’s search tools, now disabled, happened over several years on a widespread basis, with very few of its users avoiding being caught up in the scam, company officials said.
It began with malicious actors harvesting email addresses and phone numbers from the Dark Web, and using them to feed into Facebook’s “search” box, letting them discover the full names of people linked to the phone numbers or email addresses and then view their public profiles. In a blog post Wednesday, the company said, “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped.”
Users could have blocked this search function, however, it was the default position for users, and research has consistently proven that users of online platforms infrequently alter default privacy settings, and typically do not understand what information they are sharing.
The hackers also took advantage of the account recovery function on the platform and pretended to be legitimate users who had forgotten their account details, which also directed the hackers to public profiles and any information found there.
Facebook did not say who the malicious actors might be, or how the data may have been used. However, experts on cybercrime say that names, phone numbers, email addresses and other personal data offer a foundation for identity theft and other malevolent online activity.
The revelation came out amid the recent Cambridge Analytica scandal, which has revealed that the political consultancy firm hired by President Trump’s campaign and other Republicans, improperly gathered detailed information on 87 million people via Facebook, 71 million of whom were Americans.
The company has been dealing with the fallout of how the data of so many Americans found itself in the hands of Cambridge Analytica, a British-based firm. The reports initially sent the company’s stock price tumbling and have spurred political investigations in the United States, Europe and beyond. Australia and Germany have recently threatened or launched investigations into the misuse of foreign users’ data. India (Facebook’s biggest market) has asked for more detailed information from Facebook and Cambridge Analytica, with a Saturday deadline. Mark Zuckerberg is set to testify in front of Congress in a series of hearings next week.
Meanwhile, a widespread debate about privacy and ethics in relation to social media is also occurring in Europe, which has long sought ways to rein in U.S. tech giants, and may finally lead to greater regulation, forcing tech companies to implement broader changes to protect customer data worldwide. The new revelation that “malicious actors” had been able to discover the identities and collect data of most of its two billion global users will no doubt add flames to the worldwide debate.