The number of Facebook users whose data was illegitimately shared with Republican-backed political consultancy firm Cambridge Analytica was bigger than previously thought.
In a new announcement Wednesday, Facebook said that “information of up to 87 million people — mostly in the U.S. — may have been improperly shared with Cambridge Analytica.” That’s significantly higher than the 50 million users originally reported.
Cambridge Analytica, a firm that uses data to determine voter personality traits and behavior, illegitimately obtained information about Facebook users to help conservative campaigns target advertisements, messaging, and other modes of influence, according to the The New York Times. Cambridge Analytica was officially formed by former Trump advisor Steve Bannon with a $15 million investment from Republican mega-donor Robert Mercer. The firm hired Russian-American professor Aleksandr Kogan to secure the underlying data necessary to conduct this kind of mapping, which helps campaigns target specific groups.
Kogan created an app which offered Facebook users small payments if they downloaded it and took a personality quiz. About 270,000 people signed up, Facebook says. The app scraped private information from those 270,000 profiles, including data from what Facebook now says was up to 87 million of their unwitting friends.
In response, Facebook announced a series of changes to its platform Wednesday, intended to more strictly control data that third-party apps access. Starting Monday, Facebook will surface a link at the top of users’ news feeds with information about what apps they use and what data those apps access. It will have an option to remove the apps.
In Wednesday’s update, Facebook said that it is suspending the feature that allows users to search for friends using their phone numbers. Bad actors have exploited the feature to scrape profile information by submitting phone numbers and email addresses through search and account recovery.
“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way,” Facebook said. “So we have now disabled this feature.”
The series of scandals that have rocked Facebook have led to calls for CEO Mark Zuckerberg to resign.
Other changes announced Wednesday include:
- Third-party apps using Facebook’s Events API will no longer be able to access guest lists or posts for events.
- Third-party apps using Facebook’s Groups API will need approval from Facebook and the group’s admin to access the group. Those apps will no longer be able to access a group’s member list or personal information attached to posts and comments.
- Third-party apps using the Pages API will need to be approved by Facebook.
- Facebook is shoring up its review process for third-party apps that request access to user information. Facebook will forbid apps from asking for access to personal information, like ideological views and relationships.
- Facebook is shutting down Partner Categories, which lets third-party data providers target directly on Facebook.