Facebook CEO Mark Zuckerberg today revealed that even 2,2 billion users of the social network should assume their data has been stolen from third parties.
The source of this vulnerability is the mode searchof Facebook, which allows anyone to look up users by their email address or phone numbers.
Users will have to allow this, through a choices that reports the appearance of names in searches. The security settings for this option are enabled by default.
In a publication in the blog by CTO Mike Schroepfer, Facebook suggests the magnitude of the problem:
However, malicious third parties have abused these features to link public profile information by submitting their phone numbers or emails already via search and account recovery. Given the scale and complex activity we saw, we believe that most profile information has leaked in this way.
Zuckerberg confirmed how exposed Facebook had been to his users, to questions made to him by journalists according to TNW:
I will assume that if you had this setting turned on someone might have access to your public information somehow.
Mark Zuckerberg also said he felt responsible for his company's mistakes but when asked if he still considered himself the best person who could run the company, he said: "Yes."