Facebook said Wednesday that it believes most of its users could have had their profile data, such as phone numbers and email addresses, scraped by third parties.
The announcement was buried inside a post from Facebook’s chief technology officer, Mike Schroepfer, which discussed changes that Facebook is making to tools that it offers developers.
In a section discussing search and account discovery features, Schroepfer said this:
“Until today, people could enter another person’s phone number or email address into Facebook search to help find them. This has been especially useful for finding your friends in languages which take more effort to type out a full name, or where many people have the same name. In Bangladesh, for example, this feature makes up 7% of all searches. However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.”
Facebook was not immediately available to clarify whether the statement that Facebook users “could have had their public profile scraped this way,” meant that it actually happened to most Facebook users.
In a call with media on Wednesday afternoon, CEO Mark Zuckerberg clarified further. “It is reasonable to expect… someone has accessed your information in this way,” Zuckerberg said.
This news is in addition to Facebook’s claims that political analytics firm Cambridge Analytica gained access to data from as many as 87 million Facebook users. Media reports had previously placed the number at over 50 million.
CNBC’s Michelle Castillo and Chloe Aiello contributed to this report.