On Wednesday, Facebook said up to 87 million people may have had their data inappropriately accessed by the political analytics firm Cambridge Analytica. That number far exceeds estimates in previous news reports, which pegged it at 50 million.
"In total, we believe the Facebook information of up to 87 million people — mostly in the US — may have been improperly shared with Cambridge Analytica," Mike Schroepfer, Facebook's chief technology officer, said at the very bottom of a long blog post describing updates Facebook is making to prevent similar data leaks in the future.
The revelation of this larger number follows a pattern of bad numbers getting bigger for Facebook. Last year, the company first said 10 million people were reached on its platform by the Kremlin-linked Internet Research Agency's chaos campaign. The company then revised the number to 126 million before revising it once again to 146 million. The fallout of its Cambridge Analytica crisis is now unfolding in a similar manner.
Last fall, Facebook's general counsel answered questions from three congressional committees after the revelations about Russian election meddling. Now, Facebook will return to Washington once again in the aftermath of its Cambridge Analytica scandal. But this time, the company is sending its CEO Mark Zuckerberg before the House Energy and Commerce Committee on April 11.
In both cases, Facebook has made efforts to show it can mend its broken platform on its own. Ahead of the hearings last fall, it said it would publicly display all ads on its platform, ending a practice in which ads could be hidden from view and shown only to those people they were targeting. In an interview in March, Zuckerberg said he was "not sure Facebook shouldn't be regulated." But Facebook's attempts to self-regulate seem to have satisfied most legislators. The Honest Ads Act, which would require the company to be more transparent about its ads, is stalled in both the House and Senate.
Still, Facebook is preparing for the upcoming congressional hearing with another batch of changes. In his post, Schroepfer said the company will now "approve all apps that request access to information such as check-ins, likes, photos, posts, videos, events and groups." Facebook also limited a number of other entryways that developers use to access user data.
"Overall," Schroepfer said, "we believe these changes will better protect people’s information while still enabling developers to create useful experiences."