As many as 87 million Facebook users had personal information improperly shared with political consulting firm Cambridge Analytica, significantly more than what had previously been reported, the company said Wednesday.
The affected accounts were mostly in the U.S., Facebook said in a blog post, which also outlined new restrictions on access to user data.
Previously, it had been thought that 50 million users were ensnared in the data misappropriation scandal, which has presented Facebook with the biggest crisis in its 14-year history.
The data was improperly passed to Cambridge Analytica through a psychology professor who developed a quiz app for Facebook. The professor was able to collect data from the nearly 300,000 people who downloaded his app, as well as their friends. He then broke Facebook rules by sharing that information with Cambridge Analytica, which worked on Donald Trump’s presidential campaign and reportedly used the data to identify swing voters.
Facebook was lambasted for not doing more to prevent the data leak or alerting the affected users immediately after it was discovered. But reports in the New York Times and the British newspaper the Observer last month raised pressure on Facebook to apologize and reevaluate its data-sharing and collection practices.
During a rare conference call with reporters Wednesday, Facebook Chief Executive Mark Zuckerberg again pledged to better safeguard user information while also acknowledging he had failed to anticipate the ways the social network could be exploited.
“We’re an optimistic and idealistic company,” Zuckerberg said, citing the way Facebook has connected friends, given small businesses a larger presence and catapulted social movements.
“But it’s clear now we didn’t do enough,” Zuckerberg said. “We didn’t focus enough on preventing abuse and thinking through how people can use these tools to do harm as well…. We didn’t take a broad enough view of what our responsibility is, and that was a huge mistake. It was my mistake.”
To that end, the company announced Wednesday it was taking a number of steps that could change the way outside companies can leverage data from Facebook’s 2 billion users.
Those changes include limiting access to data pertaining to:
Personal data: Facebook says it will no longer allow apps to ask for access to users’ religious or political views, relationship status, education and work history and activity working out, reading books, listening to music, reading news, watching videos or playing games.
Events: Only specially approved apps will have access to a user’s guest list to events.
Groups: Apps will need approval to gain access to a group’s member list. Names and profile photos attached to group posts will no longer be accessible to apps.
“We have to ensure all those developers protect people’s information too,” Zuckerberg said.
Facebook shares fell $1.01, or 0.7%, to $155.10 on Wednesday. The stock is down nearly 20% since a high Feb. 1.