Facebook says Cambridge Analytica had data on 87 million people

The fiasco was worse than we thought.

Richard Nieva Former senior reporter
Richard Nieva was a senior reporter for CNET News, focusing on Google and Yahoo. He previously worked for PandoDaily and Fortune Magazine, and his writing has appeared in The New York Times, on CNNMoney.com and on CJR.org.
Richard Nieva
3 min read

Facebook CEO Mark Zuckerberg

James Martin/CNET

A data scandal that has rocked Facebook since mid-March affected millions more people than we initially thought, the company said on Wednesday.

Data from as many as 87 million people was improperly shared with Cambridge Analytica, a digital consultancy with ties to the Trump presidential campaign, a much higher figure than the 50 million accounts previously reported. For context, the number of accounts affected is bigger than Germany's population of 82 million.

Watch this: Millions more affected in Facebook data grab

The news comes roughly two weeks after Facebook first said it banned Cambridge Analytica for harvesting the data through a third-party quiz app called "thisisyourdigitalife." The data was collected legitimately by a Cambridge University researcher named Aleksandr Kogan, who then reportedly violated Facebook's terms of service by passing the information on to Cambridge Analytica.

Cambridge Analytica disputed the new figure in a statement Wednesday. The company said it only had data for 30 million people from Global Science Research, Kogan's research company. 

Facebook didn't immediately return a request for comment about the discrepancy. 

Facebook also said it will notify people on April 9 if their data had been co-opted by Cambridge Analytica. The social network will put a link at the top of people's news feeds that lets them more easily manage the apps they use and see what information they are sharing. 

The Cambridge Analytica scandal, which CEO Mark Zuckerberg has called a "breach of trust," has raised questions about Facebook's handling of user data and whether the company is doing enough to protect it. Earlier Wednesday, the House Energy and Commerce Committee said Zuckerberg will testify before the Congressional panel on April 11 to answer questions about privacy and user data.

The breach has also caused the social network to rethink many of its policies regarding data. On Wednesday, Facebook CTO Mike Schroepfer outlined some of the changes the company has made to limit data collection. 

For example, Facebook Login, which Kogan's app used to collect data from the accounts, will get more restrictions. Facebook will need to approve all apps that request access to information such as check-ins, likes, photos, posts, videos, events and groups. Software developers will also no longer be able to ask for personal information, such as religious affiliation, political views, relationship status, education and work history. 

People will also no longer be able to search for Facebook profiles by typing phone numbers and email addresses into the social network's search box. That's because Facebook said it left people vulnerable to having their public profiles scraped by bad actors. The company also put more limits on what information developers could gather from a handful of Facebook services, including its Events, Groups and Pages features. 

"Overall, we believe these changes will better protect people's information while still enabling developers to create useful experiences," Schroepfer wrote. "We know we have more work to do."

Update, 4:10 p.m. PT: Adds statement from Cambridge Analytica. 

Facebook's rocky year: What you need to know about the social network's scandals and controversies. 

Special Reports: CNET's in-depth features in one place.