Facebook informed the public on Wednesday that the number of people whose data was compromised by the Cambridge Analytica breach is tens of millions larger than the company initially thought.
Hidden at the bottom of a statement on Facebook’s new data-security initiative was an admission that closer to 87 million people had their personal information illicitly shared. The number was first reported to be around 50 million.
A Cambridge University scientist improperly shared user information that he obtained from Facebook with data-analytics firm Cambridge Analytica, which worked with Donald Trump’s campaign to target voters in 2016. When the data misuse reached Facebook’s radar in 2015, the company claims it secured, in a legal document, Cambridge Analytica’s word that it would delete all the data.
Cambridge Analytica has denied that it used the information during the 2016 campaign, and the scientist, Aleksandr Kogan, has said he was unaware he did anything wrong and feels he is being used as a scapegoat.
Facebook’s statement, written by Chief Technology Officer Mike Schroepfer, outlined several changes aimed at tightening the platform’s privacy, and promised that more changes would be unveiled in the future.
One of the reforms is restricting apps’ access to information contained in calendar events and private groups. The company will also no longer let apps ask for access to “personal information such as religious or political views, relationship status and details, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watch activity, and games activity.”
If a user has given Facebook access to calls and texts, the platform will no longer upload extraneous information about those communications and will delete histories older than a year.
Facebook also said it will no longer allow people to search for a person by entering their email and phone number, a feature that has facilitated “malicious actors,” who have used it to scrape public profile information by submitting phone numbers or email addresses.
“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way,” Facebook said.
Facebook is also planning to inform users if their information was included in the Cambridge Analytica breach.