Facebook said Wednesday that "malicious actors" exploited the search tools on its platform, which allowed them to discover their identities and gather information about most of their 2 billion users worldwide.
The revelation came amid increasing recognition from Facebook about its efforts to control the data it collects from users. Announcements on Wednesday included that Cambridge Analytica, a political advisor hired by President Trump and other Republicans, had collected inappropriately detailed Facebook information on 87 million people, of which 71 million were Americans.
But the misuse of Facebook's search tools ̵
The scam started as malicious hackers email addresses and phone numbers on the so-called "Dark Web," where criminals over the years publish information that they have stolen for privacy reasons. Then, hackers used automated computer programs to route the numbers and addresses into Facebook's "search" box so they could find the full names of the people associated with the phone numbers or addresses along with their frequently-publicized Facebook profile information including her profile photos and her hometown.
"We've developed this feature and it's very useful – there were a lot of people who used it until we closed it today," Chief Executive Mark Zuckerberg told reporters Wednesday.
Facebook said in a blog post Wednesday, "given the scale and sophistication of the activity we've seen, we believe that most people on Facebook could have scraped off their public profile."
Facebook users could block this search feature, which was enabled by default, by restricting their settings so they could find their identity by phone numbers or e-mail addresses. However, research has shown that online platform users rarely adapt the default privacy settings and often do not understand what information they share.
Hackers also abused Facebook's account recovery function by posing as legitimate users who had forgotten account information. The Facebook recovery system provided names, profile pictures and links to the public profiles themselves. It was unclear whether the account recovery tools could also be blocked in the privacy settings.
Names, phone numbers, e-mail addresses, and other personal information are important starter kits for identity theft and other malicious online activity, cybercriminals say. The Facebook hack enabled bad actors to link raw data to people's real identities and build fuller profiles of it.
Privacy experts had issued warnings that the Phone Number and Email Lookup tool was revealing Facebook users' data.
Facebook did not disclose who the malign actors are, how the data was used or how many people were affected.
The revelations about the grievances in privacy come at a perilous time for Facebook, which since the last month with the fallout of how the data of tens of millions of Americans landed in the hands of Cambridge Analytica. These reports have fueled investigations in the United States and Europe, shaking the company's share price.
The news quickly echoed on Capitol Hill, where MEP Zuckerberg will grill in a series of hearings next week.
The more we learn, the more it becomes clear that this was an avalanche of privacy violations that hit the core of one of our most precious American values - the right to privacy, "said Sen. Ed Markey (D-Mass.) who serves on the Senate Commerce Committee, which has asked Zuckerberg to testify at a hearing next week.
Perhaps the most pressing question for Facebook is whether its practice came up with a ruling that sparked previous controversy with the Federal Trade Commission in 2011 on the handling of user data.
"This is a company that, in my opinion, largely fails to comply with the FTC Consent Regulation," said Vladeck, now a Georgetown University Law Professor. "I do not think they have any defense after this revelation." He described the numbers as "simply stunning".
The data received by Cambridge Analytica was based on various techniques and was more detailed and extensive than what hackers collected using Facebook's search capabilities. The Cambridge Analytica dataset included usernames, hometowns, work and education histories, religious affiliations, and users' Facebook likes. Other affected users were in countries like the Philippines, Indonesia, the UK, Canada and Mexico.
Facebook said it banned Cambridge Analytica last month because the data company received improperly profile information.
Personal information about users and their Facebook friends was easy and widely available to developers of apps prior to 2015.
Facebook in March declined to say how many user data went to users, only 270,000 people had responded to a survey on a 2014 research-created app was able to provide information about the friends of the respondents without their consent collect and expand the scope of its data significantly. He then passed the information on to Cambridge Analytica.
Facebook declined to say at the time how many other users might have collected their data in this process. A Cambridge Analytica whistleblower, former researcher Christopher Wylie, said last month that the actual number of people affected was at least 50 million
Wylie tweeted on Wednesday afternoon that Cambridge Analytica would have received even more than 87 million profiles. "Could be more tbh," he wrote, using an acronym for "to be honest."
Cambridge Analytica responded on Wednesday to the announcement from Facebook, saying that it had licensed data from 30 million users. She denied that Facebook data was collected or abused.
Cambridge Analytica was founded by a billionaire investment by hedge fund billionaire Robert Mercer and led by his daughter Rebekah Mercer, who according to documents was the president of the company provided by Wylie. The vice president was the conservative strategist Stephen K. Bannon, who also took over the leadership of Breitbart News. He has since left both jobs and also his position as top White House advisor to Trump.
With its steps in the past week, Facebook has begun a major shift in its relationship with third-party app developers who have used Facebook to expand their business network. What was largely an automated process will now lead developers to agree to "stringent requirements," the company said in its blog post Wednesday. The policy change of 2015 hampered developers 'ability to access data through friends' networks, but left many loopholes, which heightened on Wednesday.
"This latest revelation is extremely disturbing and shows that Facebook still has much to do to determine how big this break actually is," said MP Frank Pallone Jr. (DN.J.), the House's top Democrat Energy and Commerce Committee, which will hear from Zuckerberg next Wednesday.
"I am deeply concerned that Facebook is only addressing concerns on its platform when it becomes a public crisis, and that's just not the way you run a business that is used by more than 2 billion people," he said. Facebook announced plans on Wednesday to add new restrictions on how outsiders can get access to these data, the last steps in a year-long process to improve its damaged reputation as the administrator of the personal privacy of its users.
Developers Accessible In The Past The relationship between people, the calendar, private Facebook posts, and much more data is now being cut off, or it has to endure a much more rigorous process for obtaining the information, Facebook said. If users enter a Facebook event in their calendars, they could also automatically import lists of all people, […] English: www.mjfriendship.de/en/index.php?op…27&Itemid=47. who participated in this event, so Facebook. Administrators of private groups, some of whom have tens of thousands of members, could also have apps scrape the Facebook posts and profiles of members of that group. App developers who want this access now have to prove that their activities benefit the group. Facebook now needs to approve tools that companies use to run Facebook pages. For example, a company that uses an app to quickly respond to customer messages can not do so automatically. Developer access to Instagram is also severely restricted.
Facebook prohibits apps from accessing information about their religious or political views, relationship status, education, work history, fitness activities, reading habits, listening to music and news reading activity, video surveillance and games. Data brokers and companies collect this type of information to create profiles of their customers' tastes.
Correction: An earlier version of the story said malicious actors used Facebook's tools to get email addresses and phone numbers. In fact, the vicious actors used e-mail addresses and phone numbers they had previously gathered to obtain other personal information such as name, hometown, profile photos, and other public information from Facebook profiles.