Facebook admitted today that Cambridge Analytica may have gained access to the private data of up to 87 million users, not the 50 million user figure that was previously reported.
Chief Technology Officer Mike Schroepfer revealed the new figure in a blog post focused on Facebook's plans to “restrict data access” on the social media platform.
The majority (about 70.5 million) of affected users are in the US, but the remaining 19% are in several other countries, including the UK, Canada, Australia and India.
“We do not know precisely what data the app shared with Cambridge Analytica or exactly how many people were impacted,” Facebook's post states. “Using as expansive a methodology as possible, this is our best estimate of the maximum number of unique accounts that directly installed the thisisyourdigitallife app as well as those whose data may have been shared with the app by their friends.”
This means that Facebook doesn’t know for certain which users shared their friends’ Facebook data, and that the true number could be lower than 87 million.
On April 9, Schroepfer said in today's post, Facebook will inform individual users whether or not they suspect Cambridge Analytica obtained their private data.
Users will be able to click a link on the top of their News Feed that provides this information. They'll also be able to "see what apps they use — and the information they have shared with those apps", and then delete those apps if they so choose.
This news comes on the heels of the announcement that Mark Zuckerberg will testify before the US Congress' Energy and Commerce (E&C) Committee on April 11. No doubt the committee will have many questions about how Facebook arrived at the new 87 million estimate.
Last week, Facebook revealed how it would make it easier for users to find their privacy settings and linked apps with access to their private data.
In today’s blog post, Facebook announced plans to go much further, limiting what information third-party apps can access even if users give the apps permission.
In particular, the days where you could inadvertently give apps information on your Facebook friends are over.
For example, apps could previously access your events, including private guest lists and posts. Now, if you grant access to your events, apps can only see that you are attending and any public information, but not any private content.
This new rule also applies to other Facebook features like Groups or Pages; by protecting these member lists from the data requests of a single user or admin, Facebook ensures that companies can’t find ready-made lists of political activity for selfish or nefarious purposes.
Most importantly, Facebook is preventing seemingly innocuous quizzes, like thisisyourdigitallife, from asking for any personal details that could be used to develop a profile on users.
Specifically, Facebook will “no longer allow apps to ask for access to personal information such as religious or political views, relationship status and details, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watch activity, and games activity.”
Moreover, if you haven’t used an app or game for more than three months, Facebook will ban that app from asking for the latest updates on your life.
Facebook has also disabled the ability to search for your friends using a phone number or email address.
Schroepfer said that “malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have”, and that “most people on Facebook could have had their public profile scraped in this way.“