April 5 (UPI) — Facebook announced Wednesday that information of up to 87 million people may have been improperly shared with data firm Cambridge Analytica.
The social media company said that of the 87 million accounts affected, the data of an estimated 70,623,350 Americans may have been accessed by the British data firm without their knowledge, accounting for 81.6 percent of all those affected by the breach.
“We do not know precisely what data the app shared with Cambridge Analytica or exactly how many people were impacted,” Facebook said in a blog post. “Using as expansive a methodology as possible, this is our best estimate of the maximum number of unique accounts directly that installed the thisisyourdgitallife app as well as those whose data may have been shared with the app by their friends.”
Facebook CEO Mark Zuckerberg is set to testify in the House next week about how the social networking site protects user data, following the breach which was previously estimated to have affected 50 million people worldwide.
The company also said a feature allowing people to use another person’s phone number or email address to search for their account was abused by “malicious actors” to scrape public profile information by submitting phone numbers or email addresses they already had through search and account recovery.
“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well,” Facebook Chief Technology Officer Mike Schroepfer wrote.
Schroepfer also said the company will scale back a feature users of Facebook Messenger or Facebook Lite on Android devices were able to opt-in to, which collected call and text data to place people users most commonly interact with at the top of their contact lists.
“In the future, the client will only upload to our servers the information needed to offer this feature — not broader data such as the time of calls,” he wrote.
Other changes include implementing stricter requirements for which apps are able to access application programming interfaces, or APIs, on various portions of the site as well as access to various types of posts and personal profile information.
Also beginning April 9, a link will appear at the top of Facebook users’ News Feeds allowing them to see what applications they use and tell people if their information may have been improperly shared with Cambridge Analytica. Users also will be able to remove apps they no longer want through the link.
“Overall, we believe these changes will better protect people’s information while still enabling developers to create useful experiences. We know we have more work to do — and we’ll keep you updated as we make more changes,” Schroepfer wrote.