Facebook Just Doubled the Number of People Exposed in Data Breach
Facebook Inc. said that data on as many as 87 million people, most of them in the U.S., may have been improperly shared with research firm Cambridge Analytica.
This is Facebook’s first official confirmation of the possible scope of the data leak, which was previously estimated at roughly 50 million in news reports. About 270,000 people downloaded a personality quiz app and shared information about themselves and their friends with a researcher, who then passed along the information to Cambridge Analytica, in a move that Facebook says was against its rules.
Facebook reached the 87 million figure by adding up all the unique people that those 270,000 users were friends with at the time they gave the app permission. Facebook made the new disclosure in an online posting Wednesday.
Facebook says it will tell people, in a notice at the top of their news feeds starting April 9, if their information may have been improperly shared with Cambridge Analytica. But it still hasn’t independently confirmed if the firm currently has the data. The revelation hints at the grilling Chief Executive Officer Mark Zuckerberg will likely have to face when he testifies on the matter before Congress next week: How many other Cambridge Analytica-scale leaks of data are out there?
The company has been embroiled in controversy for weeks over the revelation that data was shared and then not deleted. It raised questions over the reams of data Facebook compiles on users, makes available to third parties, and what happens to it afterward. Facebook made the announcement along with an update on its plans to restrict data access through its platform.
One of the most dramatic updates on Wednesday was the removal of a tool that let users enter phone numbers or email addresses into Facebook’s search tool to find other people. That was being used by malicious actors to scrape public profile information, Facebook said.
“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way,” the company said. “So we have now disabled this feature.”