Updated April 5, 2018: Facebook's data-mining issues were worse than expected. Consultancy Cambridge Analytica improperly accessed the data of up to 87 million people, the company announced on Thursday — a sharp uptick from the 50 millions users initially driving headlines. (Cambridge Analytica has denied wrongdoing.)
Facebook also said "malicious actors" have been scraping public profiles via its search and account recovery feature, a tool that allowed users to find people by entering their phone number or email address.
Details regarding this discovery are sparse, but CEO Mark Zuckerberg told reporters on a Wednesday conference call that most users should assume they've had their profile scraped.
How is Facebook fixing this?
Facebook is taking steps to address the issues. It has disabled its search and account recovery feature and plans on notifying users affected by the Cambridge Analytica breach beginning on Monday, April 9. At that time, you'll also be given the option to delete apps you don't want.
Other moves the social media network is making include:
- Nixing a developers' access to data if someone hasn't used their app in three months
- Tightening its review/permissions process for apps requesting access to data
- Shutting down its Partner Categories, a product that enables third-parties to offer data-targeting directly on Facebook
These changes don't mean you shouldn't take steps to protect yourself in the wake of all the headlines. There are reasons to worry about social network breaches. Scammers can use information gleaned from social profiles to, for instance, answer the security questions protecting your bank account or commit identity theft. You can find tips for getting ahead of fraud in the wake of a hack here.
Fortunately, there are steps you can take on Facebook to protect yourself.
1. Control your permissions
We asked Adam Levin, chairman and founder of CyberScout, an identity protection company, and author of "Swiped," for tips on how to protect you Facebook data.
Facebook allows you to control how apps use your information, Levin said. Go to Facebook settings, then apps. Here you can check the permissions you grant apps to access your information, including your friends list and email address.
Check each apps' permissions. They can get extensive. For example, an app I installed, Bandsintown, has access to my profile, friends list, location, likes, email and songs I listened to in other music apps. Any app that uses your Facebook login will get access to some personal data, from Candy Crush (public profile, friends list, email) to Farm Heroes (profile, friends list, email) to Spotify (profile, friends list, birthday, hometown, email).
You can also remove apps that look suspicious or that you don't use and, under "Apps, Websites and Plugins," choose to disable your Facebook login for plugins, games and outside websites.
2. Check privacy settings
You can change your privacy settings to minimize how much information you expose to the world. Under privacy settings, you can control who sees your posts, who sees your friends list and whether people can find your profile using your email, phone number or a search engine. You can adjust the settings so only your friends can see your posts and only you can see your friends list.
3. Scrutinize future apps
Always be careful installing Facebook apps, Levin said. They may contain malware or misuse your data. If you do use apps, make sure they're from companies you trust.
4. Other things to check
Here's a potpourri of things you may want to shore up while you're in settings.
• Security and login: Make sure you're using a strong password and two-factor authentication to protect your account.
• Timeline and tagging: You may be careful about what you post on your own timeline, and you can control who sees that here, but your friends may not be as careful about what they post. These settings allow you to set who can see posts you're tagged in. You may also want to activate "review," which lets you check posts you're tagged in before they appear on your timeline.
• Blocking: Here's where you can get specific. Blocking allows you to control your individual interactions with people on Facebook. You can set whether specific people can see posts, invite you to join apps or attend events. You can also block apps and pages.
• Face recognition: If you don't want Facebook to LITERALLY RECOGNIZE YOUR FACE in photos or videos, turn this off. Go to settings, Face Recognition and say "no."
• Lock down your browser: There are several browser extensions that can protect your privacy while you're online. A big one is an ad blocker, which not only does what it says, but can help control where your data goes while you're browsing. Lifehacker has a good roundup of privacy extensions here.
5. Read up
How to delete Facebook
Since the Cambridge Analytica news broke, many people have reconsidered whether they want to use Facebook at all. It's pretty easy to delete. You can just click here.
There are some caveats: You won't be able to reactivate your account after doing this. You won't be able to get anything you've uploaded either, so you may want to download a copy of your posts and photos first. (You're given this option when you go to delete your account.) It will also take up to 90 days, according to Facebook.
Even after that, your data will still probably be out there. Other people will still have pictures of you they've uploaded, or messages you sent them. It's tough to put the toothpaste back in the tube.
Europe has a "Right to be forgotten" that allows people to ask Google to remove their name from search results. We don't. Until then, users of services like Facebook can exert pressure on companies and regulators to better protect their private data, Levin said.
And we should all be more mindful of the information we put out there, Levin said.
"You have to be more alert," he said. "You have to understand the ramifications of what you post and where you post it."
We love being able to share pictures of our kids and update our friends about new cars or jobs, but all that information is the product social media networks sell. Cambridge Analytica may have broken some Facebook rule in obtaining your data, but Facebook already markets that data to advertisers to make money.
We all have to recognize that we are the product, Levin said, and take the proper precautions. If not, there are other, more analog ways to share, he said: "Get a journal."