Facebook CEO Mark Zuckerberg revealed today that all 2,2 billion users of the social network should assume that their data has been intercepted by a third party.
The source of this vulnerability is the function search of Facebook, which allows anyone to search for users by email address or phone number. 
Users will have to allow this, via an option that states appearance of names in searches. The security settings for this option are enabled by default.
In a publication in the blog by CTO Mike Schroepfer, Facebook suggests the magnitude of the problem:
However, malicious third parties have abused these features to link public profile information by submitting their phone numbers or emails already via search and account recovery. Given the scale and complex activity we saw, we believe that most profile information has leaked in this way.
Zuckerberg confirmed how exposed Facebook had been to his users, to questions made to him by journalists according to TNW:
I will assume that if you had this setting turned on someone might have access to your public information somehow.
Mr. Mark Zuckerberg also stated that he feels responsible for the errors of his company but when asked if he still considered himself the best person to run the company, he said: "Yes."
