Facebook Data Breach Goes Beyond Initial Estimates

Early figures in the Cambridge Analytica scandal put the number of users affected at roughly 50 million, but now the social media company estimates that at least 87 million users had their data improperly shared.

by Seung Lee, The Mercury News / April 5, 2018
A smartphone with the Facebook logo lying on a keyboard. As Facebook confronts a scandal over data privacy in the United States and Britain, it faces widening criticism in Asia for stoking discord in countries with few legal protections for religious, ethnic and political minorities. (Oliver Berg/DPA/Zuma Press/TNS)

(TNS) — SAN JOSE, Calif. — Facebook announced Wednesday that it believes up to 87 million users — mostly in the United States — were affected by Cambridge Analytica’s improper collection and sharing of personal information for political campaigns.

That number is significantly higher than the initial figure of 50 million estimated by former Cambridge Analytica employee and whistleblower Christopher Wylie. It marks the first time Facebook has estimated the scope of the data collection, which stemmed from an app that was created by a University of Cambridge researcher. The personality quiz app had about 270,000 users, but at the time Facebook allowed app developers to collect information about their users’ friends, too. The researcher sold that information to Cambridge Analytica.

Starting next week, Facebook will show users a link at the top of their feeds to inform them what apps they use and the information they shared with those apps. Facebook will also alert those whose personal information was collected by Cambridge Analytica.

“Overall, we believe these changes will better protect people’s information while still enabling developers to create useful experiences,” said Facebook Chief Technology Officer Mike Schroepfer in a blog post.

Schroepfer also announced a host of changes in how Facebook will safeguard user data. For example, Facebook will no longer allow apps to ask for access to personal information, which ranges from religious or political views to education and work history, fitness activity and relationship status.

In another key change, Facebook will block the ability to find public profiles by typing in a person’s phone number or email address. This function may have allowed malicious actors to find, view and scrape entire personal profiles without needing to request access to the information via apps.

“Malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery,” wrote Schroepfer. “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way.”

Facebook has been dealing with the Cambridge Analytica fallout for weeks after Wylie shared his experiences at the British political data firm on March 17. Facebook CEO Mark Zuckerberg will be testifying in front of Congress on April 11 to answer for Facebook’s role with Cambridge Analytica and its data privacy practices.

On Wednesday, Facebook also admitted it scans images and texts sent via its Messenger chat app to make sure the contents abide by the company’s rules.

Facebook also issued another statement about updates to its data policy and terms of service, intended to be more transparent about how it collects and uses data from Facebook, Messenger and Instagram.

©2018 The Mercury News (San Jose, Calif.) Distributed by Tribune Content Agency, LLC.