Facebook admits most users' data scraped by malicious bots

Facebook CEO Mark Zuckerberg admitted on Wednesday that 87m accounts were affected by the Cambridge Analytica data breach as the social network warned of a new potential scandal with "malicious actors" likely to have scraped email addresses and telephone numbers of "most" of its 2bn users.

In outlining its new data policies, Facebook admitted that its user-search and account-recovery features had both been abused by data harvesters to scrape the profile information.

"Until today, people could enter another person’s phone number or email address into Facebook search to help find them," Facebook explained.

"However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way."

Founder Zuckerberg said the feature, which had been "very useful" to many users had now been shut down due to the abuse.

Meanwhile, Zuckerberg admitted that the number of user accounts affected by the Cambridge Analytica breach was 87m, almost double the initial estimate, of which 1.1m are thought to be UK based.

"I'm quite confident given our analysis it is not more than 87m. It very well could be less. But we wanted to put out the maximum we felt that it could be as soon as we had that analysis done," Zuckerberg said on a conference call with reporters overnight.

The social media giant also announced they are building new ways to protect their users from malicious harvesters and recommend users to check their privacy settings.

The data was harvested back in 2013 thanks to a personality quiz that gave data access to a researched who then shared it with Cambridge Analytica.

Cambridge Analytica has denied this figure and has said the data collected affected only 30m users. “We licensed data for no more than 30m people from GSR, as is clearly stated in our contract with the research company. We did not receive more data than this,” it said overnight.

Facebook also said on Wednesday it had removed the Russian pages that had been found to be meddling in elections all around the globe.

Zuckerberg admitted to making the mistake of underestimating the power of “fake news” but denied having been asked to resign from his post at the company. He is set to testify on 11 April before the Senate’s Commerce and Judiciary committees.

“I started this place, I run it, I’m responsible for what happens here. I’m going to do the best job I can going forward. I’m not looking to throw anyone under the bus for mistakes I’ve made," he said.

While Cambridge Analytica gained access to 87m profiles ostensibly for lobbying means, Simon Migliano, head of research at Top10VPN said the personal data breach may be far less sophisticated but was still a lucrative market enjoying a "roaring trade" on the dark web.

"As we speak, Facebook account logins are changing hands for as little as £3.74 on the murkier corners of the web. The data that can be mined from these accounts can buy criminals an effective backdoor to identity fraud - from the potential to get hold of bank details from those purchasing apps through to intimate personal information,” he said.