Facebook CEO Mark Zuckerberg revealed today that all 2,2 billion users of the social network should assume that their data has been intercepted by a third party.
The source of this vulnerability is the mode searchof Facebook, which allows anyone to look up users by their email address or phone numbers.
Users will have to allow it, through a selection that indicates the appearance of names in searches. The security settings for this option are enabled by default.
In a publication in the blog by CTO Mike Schroepfer, Facebook suggests the magnitude of the problem:
However, malicious third parties have abused these features to link public profile information by submitting phone numbers or email addresses they already have through search and recoveryof accounts. Given the scale and complexity of the activity we've seen, we believe most profile information has been leaked this way.
Zuckerberg confirmed how exposed Facebook had been to his users, to questions made to him by journalists according to TNW:
I will assume that if you had this setting turned on someone might have access to your public information somehow.
Mr. Mark Zuckerberg also stated that he feels responsible for the errors of his company but when asked if he still considered himself the best person to run the company, he said: "Yes."