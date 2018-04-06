"In total, we believe the Facebook information of up to 87 million people — mostly in the US — may have been improperly shared with Cambridge Analytica," wrote Mike Schroepfer, chief technology officer of Facebook, in a blog post announcing new rules for how the company plans to handle user data.

The data was harvested by Cambridge University researchers through a quiz app that users downloaded and then used their Facebook accounts to access. Cambridge Analytica, a private company not affiliated with the university, was allegedly then able to build a system off that data to target U.S. citizens with political ads based on personality traits.

In addition to changing how it works with connected apps, Facebook has also changed how its "search account and recovery" feature works, which lets people search for users by phone number or email address. Schroepfer wrote that this allowed for accounts to be found and then have their public info "scraped" — an issue that could have affected all of Facebook's 2.13 billion users. The feature has now been disabled.

"Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way," Schroepfer wrote. "So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.

Facebook said it will begin notifying users at the top of their News Feeds on Monday, April 9, if their information may have been improperly shared with Cambridge Analytica. Facebook's 2.13 billion users will also be provided with a link at the top of their feeds to see the apps they use, review the information they share with those apps and steps to remove them, if they choose.

In a statement on Wednesday, Cambridge Analytica said it "licensed data for no more than 30 million people" from GSR, a research company. They said that data was not used to target voters in the 2016 presidential election.

"Our contract with GSR stated that all data must be obtained legally, and this contract is now a matter of public record," the statement said. "We took legal action against GSR when we found out they had breached this contract."

When Facebook contacted Cambridge Analytica to say the data was improperly gathered, the company said it "immediately deleted the raw data from our file server, and began the process of searching for and removing any of its derivatives in our system."

"When Facebook sought further assurances a year ago, we carried out an internal audit to make sure that all the data, all derivatives, and all backups had been deleted, and gave Facebook a certificate to this effect," the statement said. "We are now undertaking an independent third-party audit to demonstrate that no GSR data remains in our systems."