Personal information of about 87 million users, mostly in the US, may have been improperly shared with the UK-based political consulting firm Cambridge Analytica, Facebook has said as it announced a slew of measures to address its users' privacy concerns.
Over half a million of the users whose personal data might have been compromised are from India.
This is a much larger figure than the previously believed 50 million users of Facebook whose personal data was improperly shared with Cambridge Analytica.
Facebook is facing a severe crisis of credibility ever since the news broke out that it improperly shared personal information of its users that was used for political purposes.
"In total, we believe the Facebook information of up to 87 million people — mostly in the US — may have been improperly shared with Cambridge Analytica," Mike Schroepfer, chief technology officer (CTO), Facebook, said yesterday as he updated users on the changes the social network is making to better protect their information.
As per a table of compromised users, most of the personal information that may have been improperly shared with Cambridge Analytica are from the US – 70.8 million or 81 per cent. Indonesia and the United Kingdom stand a distant second with 1.1 million users' data being compromised. India ranks seventh wherein information of 562,455 of its users may have been compromised.
Schroepfer said until now, people could grant an app permission to get information about events they host or attend, including private events. This made it easy to add Facebook Events to the calendar, ticketing or other apps.
"But Facebook Events have information about other people's attendance as well as posts on the event wall, so it's important that we ensure apps use their access appropriately. Starting today, apps using the API will no longer be able to access the guest list or posts on the event wall. And in the future, only apps we approve that agree to strict requirements will be allowed to use the Events API," he wrote in a lengthy post.
Starting Wednesday, Facebook will need to approve all apps that request access to information such as check-ins, likes, photos, posts, videos, events and groups.
"We started approving these permissions in 2014, but now we're tightening our review process — requiring these apps to agree to strict requirements before they can access this data," the CTO said.
"We will also no longer allow apps to ask for access to personal information such as religious or political views, relationship status and details, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watch activity, and games activity. In the next week, we will remove a developer's ability to request data people shared with them if it appears they have not used the app for the last 3 months," he wrote.
Noting that till now, people could enter another person's phone number or email address into Facebook search to help find them, he said this has been especially useful for finding friends in languages which take more effort to type out a full name, or where many people have the same name. In Bangladesh, for example, this feature makes up seven per cent of all searches.
"However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we've seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We're also making changes to account recovery to reduce the risk of scraping as well," Schroepfer said.
In another blog post, the company said users now have control over the ads they see.
"We don't share your information with advertisers. Our data policy explains more about how we decide which ads to show you," it said.
"Facebook is part of the same company as WhatsApp and Oculus, and we explain how we share services, infrastructure and information. We also make clear that Facebook is the corporate entity that provides the Messenger and Instagram services, which now all use the same data policy. Your experience isn't changing with any of these products," the social media outlet said.
Promising that it will never sell users' information to anyone, Facebook said it has a responsibility to keep people's information safe and secure.
"We impose strict restrictions on how our partners can use and disclose data. We explain all of the circumstances where we share information and make our commitments to people more clear," it said.