Facebook announced an additional 37 million people were affected in the Cambridge Analytica breach while at the same time rolling out new plans to restrict data access to the site's users.
“In total, we believe the Facebook information of up to 87 million people — mostly in the U.S. — may have been improperly shared with Cambridge Analytica,” the Facebook Chief Technology Officer Mike Schroepfer said in an April 4, 2018 blog post.
Facebook has not yet replied to an SC Media request as to whether the affected users will be notified that their data is involved.
The company also announced a host of new data restrictions in various API's, app controls, history settings and other features to limit access to user information. Facebook will no longer allow apps to ask for personal information, will delete all call and SMS logs older than one year, and has disabled the Search and Account recovery tool.
Schroepfer admitted the Search and Account recovery tool was capable of being misused to scrape user data. The tool has also been used by law enforcement to collect information during investigations.
In addition, the firm is enacting a more stringent approval process for all apps requesting access to information such as check-ins, likes, photos, posts, videos, events, and groups.
“Apps using the API will no longer be able to access the events' guest lists or posts on event walls,” Schroepfer said. “And in the future, only apps we approve that agree to strict requirements will be allowed to use the Events API.”
Third-party apps using the Groups API will require approval from Facebook and an admin to ensure the app benefits the group and Apps will no longer be able to access the member list of a group.
“And we're also removing personal information, such as names and profile photos, attached to posts or comments that approved apps can access,” Schroepfer said.
Facebook will also be making the recently announced deprecation of the Instagram Platform effective April 4, 2018, as well.