All of Facebook's 2.2 billion users should assume that their public data has been compromised: Zuckerberg

The root of the vulnerability lies in Facebook's search function, which allows anybody to look up users by email address or phone number.


After revealing that the personal information of up to 87 million users may have been improperly shared with Cambridge Analytica, Facebook CEO Mark Zuckerberg today revealed that all 2.2 billion users of the social media platform should assume that their public data has been compromised by third-party apps.


Apparently, the root of this vulnerability lies in Facebook's search function, which allowed anybody to look up users by email address or phone number. Facebook offered this feature to make it easier to find friends or acquaintances on the platform, for cases where the name had to be searched in a language other than English or where the name was common enough to return a large number of results.

According to a report by The Next Web, Facebook users have the option to opt out of being visible in searches made using email IDs and phone numbers, but this visibility is turned on by default in the Security Settings page.

Taking responsibility for the breach, Zuckerberg said in a call with representatives of the press, "I would assume if you had that setting turned on that someone at some point has access to your public information in some way."

Facebook's Chief Technology Officer, Mike Schroepfer, also hinted at the vulnerability in a blog post, where he stated, "Malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery."

"Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way," added Schroepfer.

Facebook did not disclose who the malicious actors are or how the data might have been used. We also do not know exactly how many people were affected.

In the blog post, Schroepfer also confirmed that information of up to 87 million people, of whom 71 million are from the US, may have been improperly shared with Cambridge Analytica. There are 5.6 lakh Indian users on that list as well.