Data belonging to over 562,455 Indian Facebook users may have been improperly accessed by British political consulting firm Cambridge Analytica, the social media giant has revealed.  This information came as part of the revelation that Cambridge Analytical had access to data from 87 million users, mostly from the US, around 37 million more than what had been reported earlier.

“In total, we believe the Facebook information of up to 87 million people — mostly in the U.S. — may have been improperly shared with Cambridge Analytica by apps that they or their friends used,” Facebook CTO Mike Schroepfer wrote in a blog post. Facebook has noted that the 87 million number is their best estimate at the moment, so it would not be a surprise to see that number rise up.

Over half a million Indians compromised

The revelation that 562,455 Indian users had their personal data compromised is something that the Indian government will be keenly following. Last week the government had sent a show cause notice to Facebook seeking details of whether the personal data of Indian voters and users has been compromised by British data firm Cambridge Analytica or any other entities. The government is also seeking details on whether the data obtained from Facebook has been used to manipulate the Indian electoral process. The social media giant has been given time till April 7, to respond to the letter by the Ministry of Electronics and IT (MeitY).

While a little over half a million people being targeted may not influence any national election in India, Cambridge Analytica’s India operations have reportedly worked in state and local elections where this may have been useful. Even if one disregards any sort of electoral fallout this revelation is still gravely concerning, as the data of half a million users was compromised. The government must press Facebook to do its best to inform all Indian users who have had their personal data effectively stolen without them even knowing about it. The government must then use the data provided by Facebook to press Cambridge Analytica on how this data was used.

Facebook announces sweeping changes to APIs

Mark Zuckerberg, during a conference call, shortly after the post was published, said: “We didn’t take a broad enough view on what our responsibility was and that was a huge mistake. That was my mistake.”

Facebook CTO Schroepfer, in his blog post, outlined sweeping changes to the way third-party developers can interact with Facebook via APIs (Application Programming Interfaces), the software layer through which third parties can interact with and extract data from the platform.

Here are some of the key highlights:

  • The company will no longer allow developers to access the guest list or wall posts of an event scheduled on Facebook, while developers seeking to access the data of Facebook group members will first need to get the permission from a group administrator to ensure “they benefit the group”.
  • Facebook is tightening its review process and will now need to approve every app that uses its login feature to collect information beyond basic profile data, like a user’s name and email.
  • Facebook will also stop apps from asking about ideological information, like a user’s religious or political views, relationship status, education, work history, fitness activity, news habits and activity related to news, video and games consumption.
  • Facebook is expediting a plan to close its Instagram Platform API, which was originally planned to happen gradually over the next few years. the company says the “deprecation” of that API will take place “effective today.”
  • Users can’t search for people on Facebook using their email or phone number anymore. Facebook says “malicious actors” were abusing that feature, so they are disabling it.
  • Facebook will start alerting users that their data may have been part of the Cambridge Analytica data set beginning Monday, April 9. The company will put a link at the top of every Facebook user’s News Feed to help them understand which third-party apps have their data. That alert will also include whether or not your data was part of the set obtained by Cambridge Analytica.