Facebook says Cambridge Analytica may have had data on 87 million people

Zuckerberg on data debacle: 'It was a breach of trust'
Zuckerberg on data debacle: 'It was a breach of trust'

Facebook said Wednesday that Cambridge Analytica, a data firm with ties to President Donald Trump's campaign, may have had information on about 87 million Facebook users without the users' knowledge.

Previous reporting had put the number of people whose information may have been shared with Cambridge Analytica at around 50 million. Facebook announced its own estimate in a blog post on Wednesday.

The 87 million number is the maximum amount of people that could have impacted, according to Facebook's calculations. CEO Mark Zuckerberg said in a call with reporters on Wednesday that it got to that number by looking at the maximum number of friends its users had at the time.

"I'm quite confident given our analysis it is not more than 87 [million]. It very well could be less. But we wanted to put out the maximum we felt that it could be as soon as we had that analysis done," said Zuckerberg.

Facebook has said the data was initially collected by a professor for academic purposes in line with its rules. The information was later transferred to third parties, including Cambridge Analytica, in violation of Facebook's policies.

Cambridge Analytica disputed the number.

"Cambridge Analytica licensed data for no more than 30 million people from GSR, as is clearly stated in our contract with the research company. We did not receive more data than this," the company said in a statement.

Starting next week, Facebook will tell people if their information was shared with Cambridge Analytica.

Related: A long awaited privacy awakening is here

Facebook also said in the blog post Wednesday that "most people on Facebook" may have had their public profile information scraped by malicious actors. The people doing the scraping used account recovery and search tools that let users look people up by phone numbers and email addresses, then took information from profiles.

"Given the scale and sophistication of the activity we've seen, we believe most people on Facebook could have had their public profile scraped in this way," said CTO Mike Schropfer in the post.

Facebook is turning off the search feature and changing how account recovery works. The post also outlines a number of other ways that Facebook is cracking down on third-party access to data.

The company is trying to limit what kind of information third-party apps will be able to collect. It will no longer allow apps to see personal information about users, like religion, political views, relationship status, education, work history, fitness activity and what books, movies and music people have consumed.

Apps will now need to get approval from Facebook before they can access things like Groups, Pages and check-ins. They can no longer see the names and profile photos of people posting and commenting in a group, or see the guest list for events.

Related: What you need to know about Facebook's data debacle

Facebook will also delete call logs older than a year for Messenger and Facebook Lite users on Android who have opted-in to the call and text history feature. This feature became controversial last month after a number of users discovered years of their contacts and call history in their Facebook data.

On Monday, Facebook users will see an option on top of their News Feed to review which apps have access to their information.

Correction: A previous version of this story incorrectly attributed the earlier estimate of 50 million users to Facebook. That number came from independent reporting and not Facebook itself.

CNNMoney Sponsors