Facebook said that the data of up to 87 million users may have been improperly shared with a political consulting firm connected to President Trump during the 2016 election — a figure far higher than the estimate of 50 million that had been widely cited since the leak was reported last month, The New York Times reports.
Mark Zuckerberg, the company’s chief executive, also announced that Facebook would offer all of its users the same tools and controls required under European privacy rules. The European rules, which go into effect next month, give people more control over how companies use their digital data.
Facebook had not previously disclosed how many accounts had been harvested by Cambridge Analytica, the firm connected to the Trump campaign. It has also been reluctant to disclose how it was used by Russian-backed actors to influence the 2016 presidential election.
Among Facebook’s acknowledgments on Wednesday was the disclosure of a vulnerability in its search and account recovery functions that it said could have exposed “most” of its 2 billion users to having their public profile information harvested.
The new effort to appear more transparent about the data leaks — including a rare question-and-answer session with Mr. Zuckerberg and reporters — came just before Mr. Zuckerberg’s expected testimony next week on Capitol Hill, where he will most likely face criticism over how the company collects and shares the personal data of its users. Sheryl Sandberg, Mr. Zuckerberg’s top deputy, has several national television interviews scheduled for later this week.
The company said that on Monday it would start telling users whether their information may have been shared with Cambridge Analytica.
Andy Stone, a spokesman for Facebook in Washington, said the 87 million figure was an estimate of the total number of users whose data could have been acquired by Cambridge Analytica. He said that the estimate was calculated by adding up all the friends of the people who had logged into the Facebook app from which Cambridge Analytica collected profile data.
“We wanted to put out the maximum number of people who could have been affected,” Mr. Zuckerberg told reporters.
It remains unclear exactly how many users had their personal information accessed by Cambridge Analytica. The firm said Wednesday that it had licensed data for no more than 30 million users of the social network.
Facebook also released a lengthy document describing how it would protect personal data in the future. In that document, Facebook said its search and account recovery systems had been open to abuse by anyone who already had some information about an individual, such as a phone number or email address. The vulnerability extended to much of the platform’s user base before it was closed on Wednesday, Facebook said.
The company also said it would limit the types of data that can be harvested by software used by outside businesses. The changes mean that users will have to give permission before an app can collect information beyond their names and addresses.
The company also said it would no longer allow outsiders to use apps to gather information about the religious or political views of its users. And it will stop using third-party data from companies such as Experian and Acxiom to help supplement its own data for ad targeting. “It’s clear now that we didn’t focus enough on preventing abuse,” Mr. Zuckerberg said. “We didn’t take a broad enough view of what our responsibility is. That was a huge mistake, and it was my mistake.”
The Federal Trade Commission is investigating whether Facebook violated a 2011 agreement meant to protect users’ privacy. User data is crucial to the company’s business, because it is used to deliver advertising to users.
Mr. Zuckerberg is scheduled to testify about the company’s handling of sensitive user data before the Senate’s Commerce and Judiciary committees on Tuesday and the House Energy and Commerce Committee on Wednesday.
“This hearing will be an important opportunity to shed light on critical consumer data privacy issues,” said Representatives Greg Walden, Republican of Oregon, and Frank Pallone, Democrat of New Jersey, of the House committee.
Senator Chuck Grassley, the Republican chairman of the Judiciary Committee, said, “With all of the data exchanged over Facebook and other platforms, users deserve to know how their information is shared and secured.”
Facebook’s problems stretch back before the reports about Cambridge Analytica, to earlier investigations into how Russian actors infiltrated the platform by placing ads and posts to influence the 2016 election. Mr. Zuckerberg initially dismissed the idea of foreign interference on Facebook as a “crazy idea.”
Since then, the company has been the focus of investigations by law enforcement and congressional committees that are delving into the Russian influence campaign. Facebook now acknowledges that its platform was used to sway voters.
All those troubles have prompted investors to flee the company, and its stock has fallen sharply in recent weeks. In response, the company has put its executives front and center.
Mr. Zuckerberg typically talks to groups of reporters only after the company releases its quarterly financial reports. But after not responding in public for several days following the Cambridge Analytica disclosure, he has given a series of interviews.
And Ms. Sandberg, Facebook’s chief operating officer and the second most recognizable face at the company, is set to be interviewed this week by Fox News, “PBS NewsHour,” NBC’s “Today” show and Bloomberg. Ms. Sandberg will be interviewed remotely from California.
Facebook said its new openness was meant to show that it takes the intense criticism over its handling of user data seriously.
In Washington, Facebook employees and public relations firms retained by the company have talked to regulators and congressional staff members about new privacy measures, including updates to policies that are intended to make them easier to understand.