Well, it’s always nice to be reassured. Mark Zuckerberg has confirmed on a phone call with reporters that most users of Facebook should be reasonably confident that they’ve had their data scraped by third parties.

“We’ve seen some scraping,” the Facebook CEO told reporters. “I would assume if you had that setting turned on that someone at some point has access to your public information in some way.”

The feature in question is one that Facebook is now permanently disabling: the ability to search for people using their phone number or email address instead of their name. Incredibly crucial for the committed Facebook stalker, it was also useful for users in countries where many people share one name, or where typing out an email address or number would be easier than writing in users’ full names. Also, as always, people do it for Horny Reasons.

Considering the fact that most people absolutely wouldn’t have turned that feature off, it’s safe to assume that Zuckerberg is basically saying most people have had their data scraped without their explicit consent or knowledge.

Before Zuck conceded that this feature made for a pretty big security hole where unscrupulous companies could use email databases to scrape information from users who had either deliberately or inadvertently made their data public, Facebook announced they were ditching the feature altogether. Here’s chief technology officer Mike Schroepfer:

Until today, people could enter another person’s phone number or email address into Facebook search to help find them. This has been especially useful for finding your friends in languages which take more effort to type out a full name, or where many people have the same name. In Bangladesh, for example, this feature makes up 7% of all searches. However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.

Overall, it’s been another shithouse day for Facebook. They’ve upped their estimates for the number of users in the United States affected by the Cambridge Analytica breach to 87 million from the earlier estimate of 50 million. That 87 million figure comes from the 270,000 who actually used the app in question.

Image: Getty Images