Facebook’s misuse of personal information was far worse than initially thought.
On Wednesday, Chief Technology Office Mike Schroepfer revealed the firm shared data of up to 87 million users with the political consultancy firm Cambridge Analytica – a dramatic increase from initial media estimates of roughly 50 million.
Schroepfer shared the new figures in a blog post outlining nine changes the firm is making to the platform in light of the massive data scandal that unfolded last month.
According to the CTO, most of the affected users were in the United States.
In the post, the Facebook exec also revealed the troubling ease with which ‘malicious actors’ could ‘scrape’ public information from most users’ profiles.
Facebook CEO Mark Zuckerberg addressed the growing scandal in a media call on Wednesday afternoon, admitting the firm ‘didn’t do enough’ to protect user data or to prevent the spread of disinformation.
In a call with reporters, Zuckerberg admitted the firm made a ‘huge mistake’ in failing to take a broad enough view of what Facebook’s responsibility is in the world.
‘It’s my mistake,’ the Facebook CEO added.
Referring to the Cambridge Analytica privacy scandal, in which a consultancy firm was able to access millions of users’ data and use it to target voters during political campaigns, he said that it isn’t enough for Facebook to believe app developers when they say they follow the rules.
He says Facebook has to ensure they do.
‘Life is learning from mistakes,’ Zuckerberg told reporters, according to CNET.
‘At the end of the day, this is my responsibility. I started this place, I run it, I’m responsible.’
‘We know now we didn’t do enough to focus on preventing abuse and thinking through how people use these tools to do harm,’ the Facebook CEO added.
Now, as the company looks forward, Zuckerberg said the firm must address Facebook’s role in democracy.
‘It’s not enough to give people a voice, we have to make sure that people are not using that voice to spread disinformation,’ Zuckerberg said, according to CNET.
While Facebook grapples with the unfolding data scandal, more and more worrying details continue to emerge.
The latest indicates the issue, which Zuckerberg himself called a ‘breach of trust,’ affected many more users than initially suspected.
‘In total, we believe the Facebook information of up to 87 million people — mostly in the US — may have been improperly shared with Cambridge Analytica,’ Schroepfer said on Wednesday.
In the blog post, Schroepfer shed light on additional ways ‘malicious actors’ could access users’ data without their knowledge, by scraping public information from profiles.
The site previously allowed users to enter someone’s phone number or email address into the search bar to locate that person.
While the tool was helpful for finding friends in some scenarios, for example, in languages which ‘take more effort to type out a full name,’ the firm says it was also regularly abused.
As a result, Facebook is now doing away with it entirely.
‘Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way,’ Schroepfer wrote.
‘So we have now disabled this feature.
‘We’re also making changes to account recovery to reduce the risk of scraping as well.’
The troubling revelation came in the midst of new details on what Schroepfer says are the nine ‘most important changes’ the firm is making to the site.
And, the CTO notes, more are set to come over the next few months.
The current changes also include new guidelines for the controversial opt-in feature that allowed Facebook to collect call and text history from Android users.
‘We’ve reviewed this feature to confirm that Facebook does not collect the content of messages — and will delete all logs older than one year,’ Schroepfer wrote.
‘In the future, the client will only upload to our servers the information needed to offer this feature — not broader data such as the time of calls.’
The firm is also rolling out a new tool to more prominently display the apps and websites you use.
A link for this will appear at the top of the News Feed starting Monday April 9. Clicking this link will reveal what information you share with these apps, and give the option to remove them.
The changes also include new permissions requirements for Groups, Pages, and Events.
As of today, apps using these APIs will no longer be able to access guest or member lists. For events, apps will also be unable to access posts on the event wall.
The firm also says it is rolling out strict requirements for apps seeking approval through the Events API, and will require approval for all apps seeking access to the Pages API.
For groups, Schroepfer wrote, ‘we’re also removing personal information, such as names and profile photos, attached to posts or comments that approved apps can access.’
The firm also says it will no longer allow apps to ask for more detailed personal information, such as religious or political views, entertainment activity, relationship status, or news reading.
The changes follow several others that have rolled out in the last few weeks in light of the Cambridge Analytica scandal.
‘Overall, we believe these changes will better protect people’s information while still enabling developers to create useful experiences,’ Schroepfer wrote.
‘We know we have more work to do — and we’ll keep you updated as we make more changes.’