Things seemed bad enough for Facebook when it had to admit that a consulting firm working with Donald Trump’s presidential campaign had used an app to pull profile data from 50 million of the site’s users, a breach so bad that it forced Mark Zuckerberg to issue one of his usual unsatisfying apologies, prompted the FTC to open an investigation into the site, and led to a lot of users (some of them famous) ditching their accounts altogether. As it turns out, though, the breach was even worse than the reports initially claimed, with Wired reporting that Facebook has now admitted that the number of accounts affected is actually closer to 87 million.
Facebook also announced that on April 9 it will launch some kind of tool that will allow users to see if they were impacted by the firm—Cambridge Analytica—and its scheme, which is probably a good idea even if it does shift some of the blame away from Facebook itself. Cambridge Analytica may have used a loophole in Facebook’s privacy system to get away with information from 87 million profiles, but Facebook unintentionally built that loophole in the first place. Really, the more straightforward solution here is just to determine if Facebook itself has done something nefarious with your data, which it definitely has if you’ve ever had a Facebook account.
That may seem like an exaggeration, but the Wired story explains that this latest breach is just one of the more famous examples. Facebook has also admitted that it’s removing the ability to look people up by their phone numbers, because apparently “malicious actors” were able to run through “hundreds of thousands of IP addresses” in order to find people’s phone numbers and then use that information to get access to the information on their profiles. On top of that, Facebook is also just now realizing that it should double-check any apps that try to access information on a user’s location check-ins, likes, videos, and other things worth stealing.
Then there’s the extremely likely possibility that Cambridge Analytica isn’t the only company to have snagged a ton of profile information in this way, especially since it took Facebook a long time to address that particular issue, so it’s clear that things aren’t going particularly well for the site. Hopefully he can explain some of this when he testifies before Congress.