Facebook boss Mark Zuckerberg defends himself amid data scandal
The 87 million figure includes more than a million users from the UK, with the majority of those potentially affected based in the United States.
Some 1,079,031 UK users could be affected, with more than a million Filipino and Indonesian people also potentially having their data shared improperly, Facebook said.
In a rare conference call with journalists, the tech giant’s founder and chief executive admitted that it “didn’t do enough” to protect its users and promised that the company was now committed to taking more responsibility for keeping people’s data safe.
“We didn’t take a broad enough view of what our responsibility is. That was a huge mistake. It was my mistake,” he said at the start of the call.
Asked by a journalist if he still thought he was the best person to lead Facebook forward, Mr Zuckerberg said “yes”, adding: “I think life is about learning from your mistakes and working out what you need to do to move forward.
“When you’re building something like Facebook that is unprecedented in the world there are going to be things you mess up.”
After another reporter asked if the board had discussed whether he should step down as chairman in the wake of the company’s recent drop in stock price, he said: “Not that I’m aware of.”
Mr Zuckerberg said that the 87 million figure, buried near the bottom of a Facebook blog post earlier in the day, was “the maximum number” thought possible, and admitted “we don’t actually know” the true total that were affected.
Previous estimates had suggested 50 million users were at risk, but as Mr Zuckerberg spoke, Cambridge Analytica claimed on Twitter that “no more than 30 million” individuals saw their data accessed.
The company also tweeted: “When Facebook contacted us to let us know the data had been improperly obtained, we immediately deleted the raw data from our file server, and began the process of searching for and removing any of its derivatives in our system.”
Asked about those tweets and whether he would consider taking legal action against any companies that illicitly accessed user data, Mr Zuckerberg said Facebook would allow the UK’s Information Commissioner to investigate first but would “take legal action if we need to do that to protect people’s information”.
In Wednesday’s blog post, which outlined a number of proposed changes to Facebook’s terms of service in the wake of the privacy row, the company explained that it had disabled a feature that had previously allowed people to search for users by their mobile number or email address, if they chose to allow it in their settings.
Chief technology officer Mike Shroepfer, who wrote the update, said this was because “malicious actors” had “abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery”.
On the call, Mr Zuckerberg was asked about this and said: “I would assume if you had that setting turned on that someone at some point has access to your public information in some way.”
The European Union is now contacting data protection authorities in its member nations and in the United States to follow up investigations into whether Facebook breached EU privacy laws when millions of people had their data accessed.