Buried on page 46 of Facebook's quarterly report, deep in the risk factors section, is an ominous warning to investors: Cambridge Analytica is probably not alone.
"We anticipate that we will discover and announce additional incidents of misuse of user data or other undesirable activity by third parties," Facebook said in the filing published on Thursday. "We may also be notified of such incidents or activity via the media or other third parties."
Ever since the suspension last month of data analytics firm Cambridge Analytica for its improper use of data, Facebook users and investors, as well as lawmakers, have been asking if this was an isolated incident or if there's more to come.
Facebook has admitted that the data of 87 million users' profiles, including CEO Mark Zuckerberg's, may have been improperly shared with the political data analytics firm. But the crisis only surfaced after Facebook was alerted by various publications that were preparing stories about Cambridge Analytica's use of data to target users with tailored ads and other messages ahead of the 2016 presidential election.
Zuckerberg later said that Facebook was auditing thousands of apps in search of "suspicious activity" and would ban any developers engaged in improper data collection or use.
In its quarterly report, Facebook said that reports of additional incidents "may negatively affect user trust and engagement, harm our reputation and brands, and adversely affect our business and financial results."
Thus far, the business is holding up fine. Facebook shares surged 9.1 percent on Thursday, a day after the company reported better-than-expected first quarter profit and sales. The stock is still down 5.9 percent since the initial Cambridge Analytica report on March 16.
Here's the full excerpt from Thursday's filing:
We anticipate that our ongoing investments in safety, security, and content review will identify additional instances of misuse of user data or other undesirable activity by third parties on our platform.
In addition to our efforts to mitigate cybersecurity risks, we are making significant investments in safety, security, and content review efforts to combat misuse of our services and user data by third parties, including investigations and audits of platform applications that previously accessed information of a large number of users of our services. As a result of these efforts we anticipate that we will discover and announce additional incidents of misuse of user data or other undesirable activity by third parties. We may also be notified of such incidents or activity via the media or other third parties. Such incidents and activities may include the use of user data in a manner inconsistent with our terms or policies, the existence of false or undesirable user accounts, election interference, improper ad purchases, activities that threaten people's safety on- or offline, or instances of spamming, scraping, or spreading misinformation. The discovery of the foregoing may negatively affect user trust and engagement, harm our reputation and brands, and adversely affect our business and financial results. Any such discoveries may also subject us to additional litigation and regulatory inquiries, which could subject us to monetary penalties and damages, divert management's time and attention, and lead to enhanced regulatory oversight.