Facebook Inc. said data on most of its 2 billion users could have been accessed improperly, giving fresh evidence of the ways the social-media giant failed to protect people’s privacy while generating billions of dollars in revenue from the information.
The company said it removed a feature that let users enter phone numbers or email addresses into Facebook’s search tool to find other people. That was being used by malicious actors to scrape public profile information, it said.
“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way,” the company said. “So we have now disabled this feature.”
Facebook also said data on as many as 87 million people, most of them in the U.S., may have been improperly shared with research firm Cambridge Analytica. This is Facebook’s first official confirmation of the possible scope of the data leak, which was previously estimated at roughly 50 million. It has resulted in calls from legislators and policy makers for greater regulation of social media, helping to shave billion of dollars from the company’s market value.