First, it was 55 million

Then 77 million.  Now, it's 2.2 billion, or pretty much every user on Facebook.  That's how many people should assume that their public profile information has been "scraped".

The conversation began when it came to light that Cambridge Analytica (a political research firm) had misused Facebook's search function to scrape profile data for tens of millions of Facebook's users to help the Trump campaign win the recent presidential election.

As research into the matter has continued, however, it has become clear that Cambridge Analytica wasn't the only group misusing the search feature, and that before Facebook disabled it, more than two billion of Facebook's users had seen their public profile information scraped.

Dark web?

Essentially, Facebook was used to paint a more complete picture of users to build a profile which could be sold on the Dark Web.

Starting with stolen phone numbers or addresses, hackers developed automated routines that fed this information into Facebook's search function, enabling them to link these bits of information with the names and locations of specific people.  Having a more complete profile in hand made the data that much more valuable on the Dark Web, where it is currently being resold.

At 2.2 billion impacted users, it's certain that this will be the year's largest data breach. In fact, this one is likely to hold the world record for quite some time.

Facebook's CEO, Mark Zuckerberg, issued an apology to the company's massive user base.

Mike Schroepfer, the company's Chief Technology Officer, had this to say:

"Until today, people could enter another person's phone number or email address into Facebook search to help find them.  This has been especially useful for finding your friends in languages which take more effort to type out a full name, or where many people have the same name.  However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery...we believe most people on Facebook could have had their public profile scraped in this way."

Our perspective

We recommend that you assume that all of your information has been scraped at one time or another. Adopt a mature attitude about security on the internet and take a responsible posture. Talk to a security expert and implement the advice.



Denis S Wilson

I am President and Principal Consultant for DWP Information Architects, specializing in managed IT support for smaller, fast-growth companies in Greater Los Angeles. I have created cost-effective IT solutions, including managed IT support systems, for small business for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with organizations that include the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. I also provide small business technology education programs to business and professional associations.
