Facebook made a bombshell admission about the security of its users’ personal information on Wednesday, in a startling revelation that’s almost certain to worsen the privacy crisis currently hanging over the world’s largest social network.

“Most” of Facebook’s 2 billion users may have had their personal data skimmed from the site by “malicious actors,” the company said in a blog post by Chief Technology Officer Mike Schroepfer. Facebook said it has disabled the feature in its site’s search function that enabled the data scrapping, but the fact that so much user data may have been vulnerable was another setback to the company’s efforts to restore confidence with users.

Two billion.

Meanwhile, up to 87 million users may have been affected by the leak of personal information to Trump-linked data firm Cambridge Analytica — a number that was much bigger than previous estimates.

Facebook has been reeling since a whistleblower disclosed that Cambridge Analytica had managed to get hold of user data and used it to target voters with emotional and divisive messages during the 2016 Trump presidential campaign.

Schroepfer disclosed the new information about privacy compromises on Wednesday in a post describing changes the company has made to its service, to better protect users’ personal data.

How are these guys still in business? https://t.co/A2VG6SnQ2Y — Thomas Paine (@Thomas1774Paine) April 4, 2018

READ MORE: