Facebook data 'scraping' is no surprise, cyber security expert says
Scammers will have attempted to "acquire absolutely anything of value" from Facebook profiles, a cyber security expert has warned in the wake of the social network admitting profile data had been "scraped" from the site.
Facebook said on Wednesday it was likely "most people" on the site could have had their public profile harvested for data by people who abused a feature that allows individuals to search for friends by typing in their phone number or email address.
The social network, which has more than two billion users, said it discovered "malicious actors" had abused the facility by using it to link phone numbers and emails to user names and profiles. The company said it has now disabled the feature.
Security researcher Lee Munson, from Comparitech, said the modern value of data meant no-one should be surprised by the admission.
"Mark Zuckerberg's assertion that the vast majority of Facebook users have left themselves open to data scraping is spot on, as are his thoughts on the likelihood that such data scraping has actually occurred. And no-one should be surprised in the least about that," he said.
"We live in a period of time when information is arguably more valuable than currency itself and personal data is the most valuable of all.
"With that in mind, it would likely be safe to assume that unscrupulous companies and bad actors alike have used automated scripts to acquire absolutely anything of value that they can find on Facebook, as well as every other website online, to build consumer profiles."
Mr Munson said the information could also be used by criminals for phishing scams where they pose as real people.
Facebook's privacy settings do enable users to choose who can see their email address and phone number in searches, but the default setting makes this information visible to everyone on the site.
The company's data policy is under heavy scrutiny following the Cambridge Analytica scandal, now believed to have affected up to 87 million users.
Speaking to reporters on Wednesday, Facebook boss Mr Zuckerberg said: "I certainly think that it is reasonable to expect that if you had that setting turned on, that at some point during the last several years someone has probably accessed your public information in this way."
Mr Munson added that the only way to fully protect personal data was to change consumer behaviour.
"The long-term solution to this problem is one that would be unpalatable for most people - stop posting personal and other sensitive information online," he said.
"Sadly, however, the majority fail to remember that when a site offers a product or service for 'free', it is usually being paid for in other ways, such as the giving up of personal privacy."
Facebook said the phone and email search feature had been useful as it helped users find friends in countries with lots of common names, and in languages where it takes longer to type out a full name.
The company said in Bangladesh for example, phone number searches made up "7% of all searches".
Mr Zuckerberg also said he believed he was still the right man to lead the social network in the wake of the data scandal.
"I think life is about learning from your mistakes and working out what you need to do to move forward," he said.