Facebook has made alarming confessions related to its security policies in a long, comprehensive post. A report cited in the blog post raises further questions about Facebook’s data sharing policies.
The author of the post, Mike Schroepfer, is Facebook’s Chief Technology Officer (CTO) and has written down 9 steps which Facebook has taken to fix the loopholes in their system.
These loopholes have been used by “malicious actors” for quite some time to scrape public data.
Furthermore, the company has promised to make their privacy policies stricter and has removed “features” that allowed 3rd parties to get access to data.
‘Most’ Users Had Their Data Leaked
Mark Zuckerberg, the social media giant’s CEO, admitted that “most” of Facebook’s 2 billion profiles may have been compromised, with their data stolen by “malicious actors”.
Apparently, a feature within Facebook’s search function allowed this data abuse – Facebook has disabled this feature for now.
The CEO said,
“It is reasonable to expect that if you’ve had that setting on in the last several years that someone has accessed your information.”
Cambridge Analytica Recap
Facebook has more data on you than you expect and it can be used for all sorts of purposes. In Cambridge Analytica’s case, it was used to influence voters by displaying the relevant advertisements to users whose profiles had been compromised, to aid Donald Trump’s 2016 presidential campaign.
According to previous estimates, 50 million accounts were leaked and used by the company, but a whistleblower subsequently revealed that the total number was “much higher”.
This allegation has been confirmed: Facebook said in its post that 87 million profiles were in fact improperly shared with Cambridge Analytica. These were not just US-based profiles; some belonged to people residing in other countries.
The Search Feature
Facebook allowed everyone to search for specific profiles using their phone numbers or email addresses; you might have used this feature too.
According to Schroepfer, this feature helped people in other countries, especially those where languages other than English were spoken, to search for friends whose names may have been hard to type.
However, malicious entities have managed to exploit this feature as well and have been able to get personal details including birthdays, family names, hometowns, etc. The CTO added,
“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.”
Facebook’s other steps to improve privacy include enhancing App control, disabling Partner Categories, and changing policies for Call/Text history storage. Facebook’s official newsroom post contains a complete list of changed features and a “Cambridge Analytica” graph at the end.