Facebook allowed data scraping through phone numbers for years
Facebook recently revealed that a maximum of 87 million users could have been affected by the Cambridge Analytica scandal. To that end, the company announced several changes to curb data collection, restricting access to user information in numerous areas. One of them was disabling the ability to find users on the website by entering their phone number or email address, in order to reduce instances of data scraping.
Facebook admits that "malicious actors" abused the feature
Explaining the change, CTO Mike Schroepfer admitted, "Malicious actors have abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search." "Given the scale and sophistication of the activity we've seen, we believe most people on Facebook could have had their public profile scraped in this way," he added.
Let that sink in
This means that earlier, a hacker could buy a huge database of phone numbers on the dark web, run them through Facebook search, and pull all the publicly available data on each number's owner. This information could include photos, marital status, email address, birthday, location, and pet names. For quick results, hackers could very well automate the entire process. And they did.
Breach of trust much?
What's appalling is that Facebook knew that automated scripts were hitting its servers to scrape data using phone numbers, and chose to do nothing until now. Zuckerberg explained that Facebook did prevent basic automation but "a number of folks were cycling through many thousands of IP addresses to evade the rate-limiting system, and that wasn't a problem we really had a solution to."
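The gap described in that quote is that a per-IP limit sees only a few requests from each rotating address. The following is an added example, not Facebook's code: the thresholds, the log fields and the number-block heuristic are assumptions, and the log is constructed. It contrasts a per-IP count with a count aggregated over the block of phone numbers being searched.

```python
from collections import Counter, defaultdict

# All thresholds are assumptions chosen for this constructed example.
PER_IP_LIMIT = 5     # lookups one IP may make per window
PREFIX_LEN = 7       # leading digits treated as one "number block"
BLOCK_LIMIT = 20     # distinct numbers per block per window, all IPs combined
MIN_IPS = 10         # distinct source IPs before calling it distributed


def per_ip_flags(events):
    """Per-IP limiter view: IPs that exceed PER_IP_LIMIT in the window."""
    counts = Counter(ip for ip, _ in events)
    return {ip for ip, n in counts.items() if n > PER_IP_LIMIT}


def distributed_enumeration(events):
    """Aggregate view: blocks searched heavily from many different IPs."""
    blocks = defaultdict(lambda: (set(), set()))
    for ip, number in events:
        digits = "".join(ch for ch in number if ch.isdigit())
        numbers, ips = blocks[digits[:PREFIX_LEN]]
        numbers.add(digits)
        ips.add(ip)
    return {
        prefix: (len(numbers), len(ips))
        for prefix, (numbers, ips) in blocks.items()
        if len(numbers) > BLOCK_LIMIT and len(ips) >= MIN_IPS
    }


def sample_window():
    """Constructed log for one window: (client_ip, searched_phone_number)."""
    events = []
    # 40 rotating addresses, 3 lookups each, walking one number block.
    for i in range(120):
        events.append((f"203.0.113.{i % 40 + 1}", f"+1 555 010 {i:04d}"))
    # Ordinary, unrelated lookups.
    events += [
        ("198.51.100.7", "+1 555 867 5309"),
        ("198.51.100.8", "+44 20 7946 0018"),
        ("198.51.100.8", "+1 555 222 0147"),
    ]
    return events


if __name__ == "__main__":
    window = sample_window()
    print("per-IP flags:", per_ip_flags(window))
    print("block flags:", distributed_enumeration(window))
```

A purchased list need not cluster by number block, so the same aggregation can be keyed on any request attribute that survives IP rotation.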
How the feature could adversely affect you
For example, a scammer can obtain necessary information from Facebook and use it to pretend to be an authentic bank official. Security researcher Ken Munro said, "If you wanted to scam somebody, you had a route to find their details and know their name."
Next breach of user trust: Deletion of private messages
It has come to light that Zuckerberg's sent messages on Facebook Messenger have been erased from a lot of personal chats. You can only delete a message from your end of the conversation and not from the inbox of the recipient, but reports confirm that Zuckerberg's messages from as far back as 2010 have disappeared from several inboxes.
Did it to protect high-profile executive communication
In response, Facebook touted corporate security. "After Sony Pictures' emails were hacked in 2014 we made a number of changes to protect our executives' communications. These included limiting the retention period for Mark's messages in Messenger. We did so in full compliance with our legal obligations." For the uninitiated, the Sony hack revealed President Michael Lynton's e-mails and the company's secret acquisitions and strategies.
So Facebook can dive into your private chats, great!
The issue remains that Facebook neither publicly nor privately disclosed the removal of Zuckerberg's messages. It is shocking, to say the least, that the company could tamper with your private chats without any heads up whatsoever. Notably, Facebook Messenger now has 1.3 billion users worldwide.
Zuckerberg's old chat
In 2010, Zuckerberg's old, informal messages from 2004 were revealed. This was when he was 19 years old and had just started 'The Facebook'. He had said, "yea so if you ever need info about anyone at harvard...just ask...i have over 4000 emails, pictures. people just submitted it..i don't know why...they 'trust me'...dumb fucks." Zuckerberg had later apologized for the unwitting messages.