- Facebook announced in a blog post Wednesday that it will disable its search feature that allows users to be found based on a phone number or an email address.
- The company said users’ information may have been scraped by malicious actors who used this feature.
- Here’s how to put your profile on lock down to limit public access to your information.
What exactly is your public profile information? And how did these bad guys manage to get hold of it?
The good news is we’re not talking about the private pictures and comments you posted on Facebook’s newsfeed (assuming you don’t have your newsfeed set to be viewable to the public).
But there is some personal information about you on Facebook that is always viewable to the public; no matter what That information is what’s known as your public Facebook profile.
Here is what your Public Profile includes:
- Username and user ID (which is in your profile’s URL)
- Profile Picture
- Cover Photo
- Age range (under 18, 18-21, and over 18)
No matter how tightly you lock down your privacy settings, the above information is always going to be viewable to everyone.
According to Facebook’s help center, information such as your age, language and country are always public since those are things needed to fill out a Facebook profile. Facebook also uses information in your “Public Profile” to help connect you with other users you may know such as friends and family.
Here’s what that looks like in real life:
Notice that my age range is nowhere to be seen. That info is basically metadata that’s available to apps which connect with the Facebook API. Facebook says it’s necessary to provide users with age-appropriate content.
So how did the malicious actors scrape this info?
Until today, someone could find you on Facebook by entering your email address or phone number. Think of it as a reverse search.
That’s a helpful feature if you’re trying to find your old high school acquaintance Jane Smith, and don’t want to comb through the hundreds or thousands of Jane Smiths on Facebook to find the right person. Just enter her phone number and voila!
Not everyone let Facebook have their phone number as part of their public profile. But if you did, then anyone, including “malicious actors,” could have used it to pull up all of your other profile information.
“It is reasonable to expect that if you’ve had that setting on in the last several years that someone has accessed your information,” company CEO Mark Zuckerberg said on a conference call with journalists on Wednesday.
Is any of my other personal information at risk?
That depends on how you set up your profile’s privacy settings.
There’s a whole slew of secondary information like relationship statuses, employment, education, birthdays, political and religious views, and who you’re interested in that can be part of your public profile.
You can control this secondary information and how public it is.
If you had any of this info set to public, that means it could have been scraped.
I already have a skim amount of public-facing information, but you can change the privacy settings on other sections besides relationship status and birthday:
You can get to the Settings section by clicking the arrow in the top right corner of your screen. Click the Privacy tab to control who sees your activity and how people find and contact you.
Clicking on Public Posts will navigate you to this screen:
My favourite feature was this handy trick: Limiting old posts. Once I changed the audience to “Friends,” my profile went on lock down.
Other privacy features to consider are managing access on a per-post basis, selecting within a post who you’d like to be able to see it.